CVE-2026-21906— Junos OS: SRX Series: With GRE performance acceleration enabled, receipt of a specific ICMP packet causes the PFE to crash
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-21906
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Junos OS: SRX Series: With GRE performance acceleration enabled, receipt of a specific ICMP packet causes the PFE to crash
Source: NVD (National Vulnerability Database)
Vulnerability Description
An Improper Handling of Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated network-based attacker sending a specific ICMP packet through a GRE tunnel to cause the PFE to crash and restart. When PowerMode IPsec (PMI) and GRE performance acceleration are enabled and the device receives a specific ICMP packet, a crash occurs in the SRX PFE, resulting in traffic loss. PMI is enabled by default, and GRE performance acceleration can be enabled by running the configuration command shown below. PMI is a mode of operation that provides IPsec performance improvements using Vector Packet Processing. Note that PMI with GRE performance acceleration is only supported on specific SRX platforms. This issue affects Junos OS on the SRX Series: * all versions before 21.4R3-S12, * from 22.4 before 22.4R3-S8, * from 23.2 before 23.2R2-S5, * from 23.4 before 23.4R2-S5, * from 24.2 before 24.2R2-S3, * from 24.4 before 24.4R2-S1, * from 25.2 before 25.2R1-S1, 25.2R2.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
对异常条件的处理不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Juniper Networks Junos OS 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Juniper Networks Junos OS是美国瞻博网络(Juniper Networks)公司的一套专用于该公司的硬件设备的网络操作系统。该操作系统提供了安全编程接口和Junos SDK。 Juniper Networks Junos OS 21.4R3-S12之前版本、22.4R3-S8之前版本、23.2R2-S5之前版本、23.4R2-S5之前版本、24.2R2-S3之前版本、24.4R2-S1之前版本、25.2R1-S1和25.2R2之前版本存在安全漏洞,该漏洞源于数据包转发引擎异常条件处
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Juniper Networks | Junos OS | 0 ~ 21.4R3-S12 | - |
II. Public POCs for CVE-2026-21906
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-21906
请登录查看更多情报信息。
Same Patch Batch · Juniper Networks · 2026-01-15 · 23 CVEs total
| CVE-2026-21920 | 7.5 HIGH | Junos OS: SRX Series: If a specific request is processed by the DNS subsystem flowd will c |
| CVE-2026-21918 | 7.5 HIGH | Junos OS: SRX and MX Series: When TCP packets occur in a specific sequence flowd crashes |
| CVE-2025-60003 | 7.5 HIGH | Junos OS and Junos OS Evolved: BGP update with a set of specific attributes causes rpd cra |
| CVE-2026-21917 | 7.5 HIGH | Junos OS: SRX Series: Specifically malformed SSL packet causes FPC crash |
| CVE-2026-21914 | 7.5 HIGH | Junos OS: SRX Series: A specifically malformed GTP message will cause an FPC crash |
| CVE-2026-21913 | 7.5 HIGH | Junos OS: EX4000: A high volume of traffic destined to the device leads to a crash and res |
| CVE-2026-21905 | 7.5 HIGH | Junos OS: SRX Series, MX Series with MX-SPC3 or MS-MPC: Receipt of multiple specific SIP m |
| CVE-2025-59960 | 7.4 HIGH | Junos OS and Junos OS Evolved: DHCP Option 82 messages from clients being passed unmodifie |
| CVE-2026-21908 | 7.1 HIGH | Junos OS and Junos OS Evolved: Use after free vulnerability In 802.1X authentication daemo |
| CVE-2026-21921 | 6.5 MEDIUM | Junos OS and Junos OS Evolved: When telemetry collectors are frequently subscribing and un |
| CVE-2026-21911 | 6.5 MEDIUM | Junos OS Evolved: Flapping management interface causes MAC learning on label-switched inte |
| CVE-2026-21910 | 6.5 MEDIUM | Junos OS: EX4k Series, QFX5k Series: In an EVPN-VXLAN configuration link flaps cause Inter |
| CVE-2026-21909 | 6.5 MEDIUM | Junos OS and Junos OS Evolved: Receipt of specific IS-IS update packet causes memory leak |
| CVE-2026-21903 | 6.5 MEDIUM | Junos OS: Subscribing to telemetry sensors at scale causes all FPCs to crash |
| CVE-2026-0203 | 6.5 MEDIUM | Junos OS: Receipt of a specifically malformed ICMP packet causes an FPC restart |
| CVE-2025-52987 | 6.1 MEDIUM | Paragon Automation: A clickjacking vulnerability in the web server configuration has been |
| CVE-2026-21907 | 5.9 MEDIUM | Junos Space: TLS/SSL server supports use of static key ciphers (ssl-static-key-ciphers) |
| CVE-2025-60011 | 5.8 MEDIUM | Junos OS and Junos OS Evolved: Optional transitive BGP attribute is modified before propag |
| CVE-2026-21912 | 5.5 MEDIUM | Junos OS: MX10k Series: 'show system firmware' CLI command may lead to LC480 or LC2101 lin |
| CVE-2025-60007 | 5.5 MEDIUM | Junos OS: A specifically crafted 'show chassis' command causes chassisd to crash |
Showing top 20 of 23 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Junos OS
- CVE-2026-33791
Junos OS and Junos OS Evolved: Execution of crafted CLI comm - CVE-2026-33790
Junos OS: SRX Series: In a NAT64 configuration, receipt of a - CVE-2026-33787
Junos OS: SRX1500, SRX4100, SRX4200, SRX4600: When a specifi - CVE-2026-33785
Junos OS: MX Series: Missing Authorization for specific 'req - CVE-2026-33781
Junos OS: EX Series, QFX Series: In a VXLAN scenario when sp
Same vendor: Juniper Networks
- CVE-2026-33791
Junos OS and Junos OS Evolved: Execution of crafted CLI comm - CVE-2026-33790
Junos OS: SRX Series: In a NAT64 configuration, receipt of a - CVE-2026-33787
Junos OS: SRX1500, SRX4100, SRX4200, SRX4600: When a specifi - CVE-2026-33785
Junos OS: MX Series: Missing Authorization for specific 'req - CVE-2026-33784
JSI Virtual Lightweight Collector: Default password is not r
Same weakness: CWE-755
- CVE-2026-23666
.NET Framework Denial of Service Vulnerability - CVE-2026-40074
SvelteKit's invalidated redirect in handle hook causes Denia - CVE-2026-28542
Huawei EMUI和Huawei HarmonyOS 安全漏洞 - CVE-2026-27195
Wasmtime is vulnerable to panic when dropping a `[Typed]Func - CVE-2026-27586
Caddy's mTLS client authentication silently fails open when
V. Comments for CVE-2026-21906
No comments yet