CVE-2026-33790
Improper Condition Check in Junos SRX Causes DoS via ICMPv

Publication date: 2026-04-09

Last updated on: 2026-04-17

Assigner: Juniper Networks, Inc.

Description
An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker sending a specific, malformed ICMPv6 packet to cause the srxpfe process to crash and restart. Continued receipt and processing of these packets will repeatedly crash the srxpfe process and sustain the Denial of Service (DoS) condition.

During NAT64 translation, receipt of a specific, malformed ICMPv6 packet destined to the device will cause the srxpfe process to crash and restart. This issue cannot be triggered using IPv4 nor other IPv6 traffic.

This issue affects Junos OS on SRX Series:
* all versions before 21.2R3-S10,
* all versions of 21.3,
* from 21.4 before 21.4R3-S12,
* all versions of 22.1,
* from 22.2 before 22.2R3-S8,
* all versions of 22.4,
* from 22.4 before 22.4R3-S9,
* from 23.2 before 23.2R2-S6,
* from 23.4 before 23.4R2-S7,
* from 24.2 before 24.2R2-S3,
* from 24.4 before 24.4R2-S3,
* from 25.2 before 25.2R1-S2, 25.2R2.
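Added example (not part of the original page or the vendor's advisory): a Python check of a Junos version string against the affected ranges listed in the description above. It assumes the device is an SRX Series running Junos OS and applies the list literally, so the page's "all versions of 22.4" entry takes precedence over its bounded 22.4 entry; the function names and the sample inventory are constructed.

```python
import re

# Affected ranges as listed on this page for CVE-2026-33790 (Junos OS on SRX).
# Trains the page lists as "all versions of X". Checked first, so for 22.4
# this entry wins over the bounded 22.4 entry the page also gives.
ALL_VERSIONS = {(21, 3), (22, 1), (22, 4)}
# Train -> (R, S) of the first fixed release in that train, per the page.
FIRST_FIXED = {
    (21, 2): (3, 10), (21, 4): (3, 12), (22, 2): (3, 8), (22, 4): (3, 9),
    (23, 2): (2, 6), (23, 4): (2, 7), (24, 2): (2, 3), (24, 4): (2, 3),
    (25, 2): (1, 2),  # the page also names 25.2R2, which sorts after 25.2R1-S2
}
OLDEST_LISTED = (21, 2)  # "all versions before 21.2R3-S10"

# Accepts e.g. 22.2R3-S8, 21.4R3 and a trailing build number (21.4R3-S5.4).
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")

def parse_junos(version):
    """Return ((major, minor), (R, S)); a missing -S counts as S0."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version: {version!r}")
    major, minor, r, s = m.groups()
    return (int(major), int(minor)), (int(r), int(s or 0))

def status(version):
    """Classify a version as 'affected', 'fixed' or 'not-listed'."""
    train, release = parse_junos(version)
    if train < OLDEST_LISTED or train in ALL_VERSIONS:
        return "affected"
    if train in FIRST_FIXED:
        return "affected" if release < FIRST_FIXED[train] else "fixed"
    return "not-listed"  # train absent from the page's list

def sweep(inventory):
    """Map hostname -> status for a {hostname: version} inventory."""
    return {host: status(ver) for host, ver in inventory.items()}

if __name__ == "__main__":
    # Constructed sample inventory; hostnames are placeholders.
    sample = {"srx-edge-1": "21.4R3-S11", "srx-edge-2": "23.4R2-S7",
              "srx-lab-1": "25.2R1", "srx-lab-2": "22.1R3-S4"}
    for host, result in sweep(sample).items():
        print(f"{host}: {sample[host]} -> {result}")
```

A `not-listed` result means the release train does not appear in the list above, not that the release is safe.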
Meta Information
Published: 2026-04-09
Last Modified: 2026-04-17
Generated: 2026-05-07
AI Q&A: 2026-04-10
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 109 associated CPEs (distinct version entries listed once)
Vendor   Product  Version / Range
juniper  junos    to 21.2 (exc)
juniper  junos    21.2
juniper  junos    21.3
juniper  junos    21.4
juniper  junos    22.1
juniper  junos    22.2
juniper  junos    22.4
juniper  junos    23.2
juniper  junos    23.4
juniper  junos    24.2
juniper  junos    24.4
juniper  junos    25.2
CWE
CWE ID Description
CWE-754 The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an Improper Check for Unusual or Exceptional Conditions in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series devices.

An attacker can send a specific, malformed ICMPv6 packet that causes the srxpfe process to crash and restart repeatedly.

This repeated crashing leads to a sustained Denial of Service (DoS) condition on the affected device.

The issue specifically occurs during NAT64 translation when the malformed ICMPv6 packet is destined to the device.

This vulnerability cannot be triggered using IPv4 or other types of IPv6 traffic.


How can this vulnerability impact me?

The primary impact of this vulnerability is a Denial of Service (DoS) condition on Juniper SRX Series devices running affected versions of Junos OS.

An attacker can cause the srxpfe process to crash repeatedly by sending malformed ICMPv6 packets, which can disrupt normal device operation.

This disruption can lead to network outages or degraded network performance, affecting availability of services relying on the device.

