CVE-2026-21918

High CVSS: 8.7

A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On all SRX and MX Series platforms, when during TCP session establishment a specific sequence of packets is encountered a double free happens. This causes flowd to crash and the respective FPC to restart.

This issue affects Junos OS on SRX and MX Series:

* all versions before 22.4R3-S7,
* 23.2 versions before 23.2R2-S3,
* 23.4 versions before 23.4R2-S4,
* 24.2 versions before 24.2R2.

Vendor

Juniper

Product

Junos

CWE

CWE-415

Yayın Tarihi

2026-01-15 21:16:08

Güncelleme

2026-01-23 19:41:38

Source Identifier

sirt@juniper.net

KEV Date Added

Kategoriler

CWE-415 Junos HIGH Juniper 2026

Referanslar

https://kb.juniper.net/JSA106018 https://supportportal.juniper.net/JSA106018

Benzer Kayıtlar

Critical

CVE-2026-21902

An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juni…

High

CVE-2026-21920

An Unchecked Return Value vulnerability in the DNS module of Juniper Networks Junos OS on SRX Series allows an unauthent…

High

CVE-2026-21921

A Use After Free vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS and Junos OS Evolved allows…

High

CVE-2026-21911

An Incorrect Calculation vulnerability in the Layer 2 Control Protocol Daemon (l2cpd) of Juniper Networks Junos OS E…

Medium

CVE-2026-21912

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the method to collect FPC Ethernet firmware statist…

High

CVE-2026-21913

An Incorrect Initialization of Resource vulnerability in the Internal Device Manager (IDM) of Juniper Networks Junos OS…