CVE-2026-21917
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-15

Last updated on: 2026-01-15

Assigner: Juniper Networks, Inc.

Description
An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX device configured for UTM Web-Filtering receives a specifically malformed SSL packet, this will cause an FPC crash and restart. This issue affects Junos OS on SRX Series: * 23.2 versions from 23.2R2-S2 before 23.2R2-S5,Β  * 23.4 versions from 23.4R2-S1 before 23.4R2-S5, * 24.2 versions before 24.2R2-S2, * 24.4 versions before 24.4R1-S3, 24.4R2. Earlier versions of Junos are also affected, but no fix is available.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-15
Last Modified
2026-01-15
Generated
2026-06-16
AI Q&A
2026-01-16
EPSS Evaluated
2026-06-15
NVD
CVE-2026-21917
EUVD
EUVD-2026-2689
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
juniper_networks junos_os From 23.2R2-S2 (inc) to 23.2R2-S5 (exc)
juniper_networks junos_os From 23.4R2-S1 (inc) to 23.4R2-S5 (exc)
juniper_networks junos_os to 24.2R2-S2 (exc)
juniper_networks junos_os to 24.4R1-S3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1286 The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an improper validation of syntactic correctness of input in the Web-Filtering module of Juniper Networks Junos OS on SRX Series devices. An unauthenticated attacker can send a specifically malformed SSL packet to an SRX device configured for UTM Web-Filtering, causing the device's FPC (Flexible PIC Concentrator) to crash and restart, resulting in a Denial-of-Service (DoS).

Impact Analysis

The vulnerability can cause a Denial-of-Service (DoS) on affected Junos OS SRX Series devices. This means that an attacker can disrupt network services by causing the device to crash and restart, potentially leading to network downtime and loss of availability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-21917. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart