CVE-2026-21920
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-15

Last updated on: 2026-01-15

Assigner: Juniper Networks, Inc.

Description
An Unchecked Return Value vulnerability in the DNS module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX Series device configured for DNS processing, receives a specifically formatted DNS request flowd will crash and restart, which causes a service interruption until the process has recovered. This issue affects Junos OS on SRX Series: * 23.4 versions before 23.4R2-S5, * 24.2 versions before 24.2R2-S1, * 24.4 versions before 24.4R2. This issue does not affect Junos OS versions before 23.4R1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-15
Last Modified
2026-01-15
Generated
2026-06-16
AI Q&A
2026-01-16
EPSS Evaluated
2026-06-15
NVD
CVE-2026-21920
EUVD
EUVD-2026-2685
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
juniper juniper_junos to 23.4R2-S5 (exc)
juniper juniper_junos to 24.2R2-S1 (exc)
juniper juniper_junos to 24.4R2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-252 The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an Unchecked Return Value issue in the DNS module of Juniper Networks Junos OS on SRX Series devices. It allows an unauthenticated attacker on the network to send a specially crafted DNS request that causes the flowd process to crash and restart, leading to a Denial-of-Service (DoS) condition.

Impact Analysis

The impact of this vulnerability is a Denial-of-Service (DoS) on affected SRX Series devices. When exploited, the flowd process crashes and restarts, causing a temporary service interruption until recovery, which can disrupt network operations and availability.

Mitigation Strategies

To mitigate this vulnerability, ensure that your Juniper SRX Series devices are running a Junos OS version that is not affected. Specifically, upgrade to versions 23.4R2-S5 or later for 23.4 releases, 24.2R2-S1 or later for 24.2 releases, or 24.4R2 or later for 24.4 releases. Avoid using affected versions before these fixed releases to prevent the Denial-of-Service caused by the DNS module vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-21920. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart