CVE-2026-21917

Summary

An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).

If an SRX device configured for UTM Web-Filtering receives a specifically malformed SSL packet, this will cause an FPC crash and restart. This issue affects Junos OS on SRX Series:

  • 23.2 versions from 23.2R2-S2 before 23.2R2-S5, 
  • 23.4 versions from 23.4R2-S1 before 23.4R2-S5,
  • 24.2 versions before 24.2R2-S2,
  • 24.4 versions before 24.4R1-S3, 24.4R2.

Earlier versions of Junos are also affected, but no fix is available.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OS23.2R2-S2 < 23.2R2-S5affected
Juniper NetworksJunos OS23.4R2-S1 < 23.4R2-S5affected
Juniper NetworksJunos OS24.2 < 24.2R2-S2affected
Juniper NetworksJunos OS24.4 < 24.4R1-S3, 24.4R2affected

Weaknesses

  • CWE-1286: CWE-1286 Improper Validation of Syntactic Correctness of Input

Workarounds

There are no known workarounds for this issue.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References