CVE-2026-21917— Junos OS: SRX Series: Specifically malformed SSL packet causes FPC crash
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-21917
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Junos OS: SRX Series: Specifically malformed SSL packet causes FPC crash
Source: NVD (National Vulnerability Database)
Vulnerability Description
An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX device configured for UTM Web-Filtering receives a specifically malformed SSL packet, this will cause an FPC crash and restart. This issue affects Junos OS on SRX Series: * 23.2 versions from 23.2R2-S2 before 23.2R2-S5, * 23.4 versions from 23.4R2-S1 before 23.4R2-S5, * 24.2 versions before 24.2R2-S2, * 24.4 versions before 24.4R1-S3, 24.4R2. Earlier versions of Junos are also affected, but no fix is available.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-1286
Source: NVD (National Vulnerability Database)
Vulnerability Title
Juniper Networks Junos OS 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Juniper Networks Junos OS是美国瞻博网络(Juniper Networks)公司的一套专用于该公司的硬件设备的网络操作系统。该操作系统提供了安全编程接口和Junos SDK。 Juniper Networks Junos OS 23.2R2-S5之前版本、23.4R2-S5之前版本、24.2R2-S2之前版本、24.4R1-S3和24.4R2之前版本存在安全漏洞,该漏洞源于Web过滤模块存在输入语法正确性验证不当,可能导致拒绝服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Juniper Networks | Junos OS | 23.2R2-S2 ~ 23.2R2-S5 | - |
II. Public POCs for CVE-2026-21917
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-21917
请登录查看更多情报信息。
Same Patch Batch · Juniper Networks · 2026-01-15 · 23 CVEs total
| CVE-2026-21913 | 7.5 HIGH | Junos OS: EX4000: A high volume of traffic destined to the device leads to a crash and res |
| CVE-2026-21920 | 7.5 HIGH | Junos OS: SRX Series: If a specific request is processed by the DNS subsystem flowd will c |
| CVE-2025-60003 | 7.5 HIGH | Junos OS and Junos OS Evolved: BGP update with a set of specific attributes causes rpd cra |
| CVE-2026-21918 | 7.5 HIGH | Junos OS: SRX and MX Series: When TCP packets occur in a specific sequence flowd crashes |
| CVE-2026-21914 | 7.5 HIGH | Junos OS: SRX Series: A specifically malformed GTP message will cause an FPC crash |
| CVE-2026-21905 | 7.5 HIGH | Junos OS: SRX Series, MX Series with MX-SPC3 or MS-MPC: Receipt of multiple specific SIP m |
| CVE-2026-21906 | 7.5 HIGH | Junos OS: SRX Series: With GRE performance acceleration enabled, receipt of a specific ICM |
| CVE-2025-59960 | 7.4 HIGH | Junos OS and Junos OS Evolved: DHCP Option 82 messages from clients being passed unmodifie |
| CVE-2026-21908 | 7.1 HIGH | Junos OS and Junos OS Evolved: Use after free vulnerability In 802.1X authentication daemo |
| CVE-2026-21903 | 6.5 MEDIUM | Junos OS: Subscribing to telemetry sensors at scale causes all FPCs to crash |
| CVE-2026-21911 | 6.5 MEDIUM | Junos OS Evolved: Flapping management interface causes MAC learning on label-switched inte |
| CVE-2026-21910 | 6.5 MEDIUM | Junos OS: EX4k Series, QFX5k Series: In an EVPN-VXLAN configuration link flaps cause Inter |
| CVE-2026-21909 | 6.5 MEDIUM | Junos OS and Junos OS Evolved: Receipt of specific IS-IS update packet causes memory leak |
| CVE-2026-0203 | 6.5 MEDIUM | Junos OS: Receipt of a specifically malformed ICMP packet causes an FPC restart |
| CVE-2026-21921 | 6.5 MEDIUM | Junos OS and Junos OS Evolved: When telemetry collectors are frequently subscribing and un |
| CVE-2025-52987 | 6.1 MEDIUM | Paragon Automation: A clickjacking vulnerability in the web server configuration has been |
| CVE-2026-21907 | 5.9 MEDIUM | Junos Space: TLS/SSL server supports use of static key ciphers (ssl-static-key-ciphers) |
| CVE-2025-60011 | 5.8 MEDIUM | Junos OS and Junos OS Evolved: Optional transitive BGP attribute is modified before propag |
| CVE-2026-21912 | 5.5 MEDIUM | Junos OS: MX10k Series: 'show system firmware' CLI command may lead to LC480 or LC2101 lin |
| CVE-2025-60007 | 5.5 MEDIUM | Junos OS: A specifically crafted 'show chassis' command causes chassisd to crash |
Showing top 20 of 23 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Junos OS
- CVE-2026-33791
Junos OS and Junos OS Evolved: Execution of crafted CLI comm - CVE-2026-33790
Junos OS: SRX Series: In a NAT64 configuration, receipt of a - CVE-2026-33787
Junos OS: SRX1500, SRX4100, SRX4200, SRX4600: When a specifi - CVE-2026-33785
Junos OS: MX Series: Missing Authorization for specific 'req - CVE-2026-33781
Junos OS: EX Series, QFX Series: In a VXLAN scenario when sp
Same vendor: Juniper Networks
- CVE-2026-33791
Junos OS and Junos OS Evolved: Execution of crafted CLI comm - CVE-2026-33790
Junos OS: SRX Series: In a NAT64 configuration, receipt of a - CVE-2026-33787
Junos OS: SRX1500, SRX4100, SRX4200, SRX4600: When a specifi - CVE-2026-33785
Junos OS: MX Series: Missing Authorization for specific 'req - CVE-2026-33784
JSI Virtual Lightweight Collector: Default password is not r
Same weakness: CWE-1286
- CVE-2026-6442
Improper Command Detection Logic Allows RCE in Cortex Code C - CVE-2026-40198
Net::CIDR::Lite versions before 0.23 for Perl does not valid - CVE-2026-33778
Junos OS: SRX Series, MX Series: When a specifically malform - CVE-2026-34835
Rack: `Rack::Request` accepts invalid Host characters, enabl - CVE-2026-20114
Cisco IOS XE Software 安全漏洞
V. Comments for CVE-2026-21917
No comments yet