CVE-2026-21918
BaseFortify
Publication date: 2026-01-15
Last updated on: 2026-01-15
Assigner: Juniper Networks, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| juniper | junos | to 22.4r3-s7 (exc) |
| juniper | junos | to 23.2r2-s3 (exc) |
| juniper | junos | to 23.4r2-s4 (exc) |
| juniper | junos | to 24.2r2 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-415 | The product calls free() twice on the same memory address. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Double Free issue in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series devices. It occurs during TCP session establishment when a specific sequence of packets triggers the double free, causing the flowd process to crash and the Flexible PIC Concentrator (FPC) to restart. An unauthenticated, network-based attacker can exploit this vulnerability.
How can this vulnerability impact me?
The vulnerability can cause a Denial-of-Service (DoS) condition by crashing the flowd process and restarting the FPC on affected devices. This can disrupt network traffic processing and potentially impact network availability.