CVE-2026-21920
BaseFortify
Publication date: 2026-01-15
Last updated on: 2026-01-15
Assigner: Juniper Networks, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| juniper | juniper_junos | to 23.4R2-S5 (exc) |
| juniper | juniper_junos | to 24.2R2-S1 (exc) |
| juniper | juniper_junos | to 24.4R2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-252 | The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Unchecked Return Value issue in the DNS module of Juniper Networks Junos OS on SRX Series devices. It allows an unauthenticated attacker on the network to send a specially crafted DNS request that causes the flowd process to crash and restart, leading to a Denial-of-Service (DoS) condition.
How can this vulnerability impact me? :
The impact of this vulnerability is a Denial-of-Service (DoS) on affected SRX Series devices. When exploited, the flowd process crashes and restarts, causing a temporary service interruption until recovery, which can disrupt network operations and availability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that your Juniper SRX Series devices are running a Junos OS version that is not affected. Specifically, upgrade to versions 23.4R2-S5 or later for 23.4 releases, 24.2R2-S1 or later for 24.2 releases, or 24.4R2 or later for 24.4 releases. Avoid using affected versions before these fixed releases to prevent the Denial-of-Service caused by the DNS module vulnerability.