CVE-2026-21918

Publication date: 2026-01-15

Last updated on: 2026-01-15

Assigner: Juniper Networks, Inc.

Description
A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On all SRX and MX Series platforms, when a specific sequence of packets is encountered during TCP session establishment, a double free happens. This causes flowd to crash and the respective FPC to restart.

This issue affects Junos OS on SRX and MX Series:
* all versions before 22.4R3-S7,
* 23.2 versions before 23.2R2-S3,
* 23.4 versions before 23.4R2-S4,
* 24.2 versions before 24.2R2.

Meta Information
Published: 2026-01-15
Last Modified: 2026-01-15
Generated: 2026-06-16
AI Q&A: 2026-01-16
EPSS Evaluated: 2026-06-15

Affected Vendors & Products
Showing 4 associated CPEs
Vendor    Product   Version / Range
juniper   junos     to 22.4r3-s7 (exc)
juniper   junos     to 23.2r2-s3 (exc)
juniper   junos     to 23.4r2-s4 (exc)
juniper   junos     to 24.2r2 (exc)

CWE ID    Description
CWE-415   The product calls free() twice on the same memory address.

Executive Summary

This vulnerability is a Double Free issue in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series devices. It occurs during TCP session establishment when a specific sequence of packets triggers the double free, causing the flowd process to crash and the Flexible PIC Concentrator (FPC) to restart. An unauthenticated, network-based attacker can exploit this vulnerability.

Impact Analysis

The vulnerability can cause a Denial-of-Service (DoS) condition by crashing the flowd process and restarting the FPC on affected devices. This can disrupt network traffic processing and potentially impact network availability.
