Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-57030— Junos OS: SRX Series: Flow sessions are not getting cleared leading to a DoS

CVSS 5.9 · Medium EPSS 0.38% · P30

Affected Version Matrix 4

VendorProductVersion RangeStatus
Juniper NetworksJunos OS24.2< 24.2R2-S3affected
24.4< 24.4R2-S1affected
25.2< 25.2R1-S2affected
< 24.2R1unaffected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-57030

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Junos OS: SRX Series: Flow sessions are not getting cleared leading to a DoS
Source: NVD (National Vulnerability Database)
Vulnerability Description
A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). As part of the stateful traffic processing on SRX Series devices flows are being established, and removed when not needed anymore. During the removal process the timeout of a flow should be set to 3 seconds and consequentially the flow should be removed shortly after. Due to a race condition occurring when setting the timeout there is a chance (the exact conditions are outside the attackers control) that the timeout is instead set to a very high value of larger than 10,000 seconds: user@host> show security flow session | match timeout Session ID: 98784248524, Policy name: PROD-FLOW/4, HA State: Active, Timeout: 85250, Session State: Valid This will lead to an accumulation of flows which can be observed by an ever-increasing value of invalidated sessions in the output of 'show security flow session summary': user@host> show security flow session summary | match invalid Invalidated sessions: 216931These sessions can't be cleared manually with the 'clear security flow session' command, which will either lead to forwarding to stop (and the system needs to be manually recovered with a reboot) or to a flowd core and automatic reboot. This issue affects Junos OS on SRX Series: * 24.2 versions before 24.2R2-S3, * 24.4 versions before 24.4R2-S1, 24.4R2-S2, * 25.2 versions before 25.2R1-S2, 25.2R2. This issue does not affect releases earlier than 24.2R1;
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用共享资源的并发执行不恰当同步问题(竞争条件)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Juniper Networks Junos OS 竞争条件问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Juniper Networks Junos OS是美国Juniper Networks公司的一款专为路由器、交换机和防火墙等物理及虚拟设备打造的网络操作系统。 Juniper Networks Junos OS存在竞争条件问题漏洞,该漏洞源于数据包转发引擎中的竞争条件问题,可能导致未经身份验证的网络攻击者造成拒绝服务。以下版本受到影响:24.2版本至24.2R2-S3之前版本、24.4版本至24.4R2-S1之前版本和25.2版本至25.2R1-S2之前版本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Juniper NetworksJunos OS 24.2 ~ 24.2R2-S3 -

II. Public POCs for CVE-2026-57030

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-57030

登录查看更多情报信息。

Vendor Advisories for CVE-2026-57030 (1)

Same Patch Batch · Juniper Networks · 2026-07-09 · 22 CVEs total

CVE-2026-570267.5 HIGHJunos OS: MX Series with SPC3, SRX Series: Processing of a specifically malformed SIP invi
CVE-2026-570237.5 HIGHJunos OS: MX with SPC3, SRX Series: A specifically malformed TCP packet causes a flowd cra
CVE-2026-570287.3 HIGHJunos OS Evolved: A port which has been inadvertently exposed can be reached by an attacke
CVE-2026-570326.5 MEDIUMJunos OS: EX Series: Subscribing to an unsupported telemetry sensor path causes fxpc proce
CVE-2026-338006.5 MEDIUMJunos OS: MX Series: In a VC scenario a high rate of micro-BFD session flaps will cause an
CVE-2026-570276.5 MEDIUMJunos OS: EX4100 Series, EX4400: With sFlow configured in a VC scenario multicast traffic
CVE-2026-338016.5 MEDIUMJunos OS and Junos OS Evolved: When a specifically malformed BGP route update is received
CVE-2026-338036.5 MEDIUMJunos OS Evolved: A port which has been inadvertently exposed can be reached by an attacke
CVE-2026-570196.5 MEDIUMJunos OS: MX Series: Specific traffic causes an FPC to reset
CVE-2026-570206.5 MEDIUMJunos OS: QFX10000 Series: IPv6 multicast traffic received on non-IRB interfaces causes a
CVE-2026-570225.9 MEDIUMJunos OS: MX Series with SPC3, SRX Series: Specific packet in response to a TCP connection
CVE-2026-337945.9 MEDIUMJunos OS Evolved: PTX Series: Receipt of repeated ECMP routing updates results in PFE cras
CVE-2026-570545.8 MEDIUMJunos OS: MX Series: Web filtering doesn't block specifically formatted URLs
CVE-2026-338025.5 MEDIUMJunos OS: EX Series: Unauthorized users can execute service-impacting CLI command
CVE-2026-570255.5 MEDIUMJunos OS and Junos OS Evolved: EX Series, QFX Series, MX Series: A specific 'show l2-learn
CVE-2026-570215.3 MEDIUMJunos OS: SRX Series: If VPN compliance-check is configured an attacker can cause http-gk
CVE-2026-570245.3 MEDIUMJunos OS: MX with SPC3, SRX Series: Repeated VPN negotiation failures will eventually caus
CVE-2026-570295.3 MEDIUMJunos OS Evolved: QFX Series: When sFlow collector reachability changes evo-pfemand proces
CVE-2026-570314.7 MEDIUMJunos OS: MX Series: For subscribers configured on static interfaces, input filters are no
CVE-2026-219014.4 MEDIUMJunos OS and Junos OS Evolved: Configuration of a specific SSH option results in mgd crash

Showing top 20 of 22 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

V. Comments for CVE-2026-57030

No comments yet


Leave a comment