CVE-2026-21917
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2026-21917, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-15

Last updated on: 2026-01-15

Assigner: Juniper Networks, Inc.

Description

An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX device configured for UTM Web-Filtering receives a specifically malformed SSL packet, this will cause an FPC crash and restart. This issue affects Junos OS on SRX Series: * 23.2 versions from 23.2R2-S2 before 23.2R2-S5,Β  * 23.4 versions from 23.4R2-S1 before 23.4R2-S5, * 24.2 versions before 24.2R2-S2, * 24.4 versions before 24.4R1-S3, 24.4R2. Earlier versions of Junos are also affected, but no fix is available.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-15
Last Modified
2026-01-15
Generated
2026-07-06
AI Q&A
2026-01-16
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 4 associated CPEs
Vendor Product Version / Range
juniper_networks junos_os From 23.2R2-S2 (inc) to 23.2R2-S5 (exc)
juniper_networks junos_os From 23.4R2-S1 (inc) to 23.4R2-S5 (exc)
juniper_networks junos_os to 24.2R2-S2 (exc)
juniper_networks junos_os to 24.4R1-S3 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1286 The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an improper validation of syntactic correctness of input in the Web-Filtering module of Juniper Networks Junos OS on SRX Series devices. An unauthenticated attacker can send a specifically malformed SSL packet to an SRX device configured for UTM Web-Filtering, causing the device's FPC (Flexible PIC Concentrator) to crash and restart, resulting in a Denial-of-Service (DoS).

Impact Analysis

The vulnerability can cause a Denial-of-Service (DoS) on affected Junos OS SRX Series devices. This means that an attacker can disrupt network services by causing the device to crash and restart, potentially leading to network downtime and loss of availability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-21917. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart