CVE-2026-21920

15.01.2026, 21:16

An Unchecked Return Value vulnerability in the DNS module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).




If an SRX Series device configured for DNS processing, receives a specifically formatted DNS request flowd will crash and restart, which causes a service interruption until the process has recovered.

This issue affects Junos OS on SRX Series:



  *  23.4 versions before 23.4R2-S5,
  *  24.2 versions before 24.2R2-S1,
  *  24.4 versions before 24.4R2.






This issue does not affect Junos OS versions before 23.4R1.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
juniper	CNA	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-252 - Unchecked Return Value
The software does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

Vulnerability Media Exposure

[GERMAN] Juniper Junos OS, Junos Space: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen in Juniper JUNOS und Juniper Junos Space ausnutzen, um falsche Informationen darzustellen, beliebigen Code mit Root-Rechten auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand zu verursachen.
Published: 2026-01-14T23:00:00+00:00

References

https://kb.juniper.net/JSA106020

https://supportportal.juniper.net/JSA106020