CVE-2026-57019
Undergoing Analysis Undergoing Analysis - In Progress

Denial-of-Service in Juniper Networks Junos OS MX Series

Vulnerability report for CVE-2026-57019, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-10

Assigner: Juniper Networks, Inc.

Description

An Improper Validation of Specified Quantity in Input vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). When a specific packet is received from device in the same broadcast domain, an affected system calculates the packet size incorrectly. This causes further packet processing to fail, which triggers an FPC major error, resulting in a FPC reset impacting traffic until the FPC has automatically recovered. Affected scenarios are: MAP-T, or non-IP traffic encapsulated in IP (e.g. MPLS over GRE). When this issue happens the following logs can be observed: fpc<#> CMError: /fpc/0/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_LI_INT_REG_UNROLL_TAIL_LENGTH_OVF (0x2205eb), scope: pfe, category: functional, severity: major, module: MQSS(0), type: LI: Unroll TAIL length overflow, oc_category: default fpc<#> Performing action reset-fru for error /fpc/0/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_LI_INT_REG_UNROLL_TAIL_LENGTH_OVF (0x2205eb) in module: MQSS(0) with scope: pfe category: functional level: major, oc_category: default This issue affects Junos OS on MX Series: * all versions before 23.2R2-S6, * 23.4 versions before 23.4R2-S7, * 24.2 versions before 24.2R2-S4, * 24.4 versions before 24.4R2-S4, * 25.2 versions before 25.2R2.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-10
Generated
2026-07-11
AI Q&A
2026-07-10
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 5 associated CPEs
Vendor Product Version / Range
juniper junoss to 23.2r2 (exc)
juniper junoss to 23.4r2-s7 (exc)
juniper junoss to 24.2r2-s4 (exc)
juniper junoss to 24.4r2-s4 (exc)
juniper junoss to 25.2r2 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1284 The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an Improper Validation of Specified Quantity in Input in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series devices.

An unauthenticated attacker located in the same broadcast domain can send a specially crafted packet that causes the affected system to incorrectly calculate the packet size.

This miscalculation causes packet processing to fail, triggering a major error in the Forwarding Plane Card (FPC), which results in the FPC resetting and impacting traffic until it recovers automatically.

The vulnerability affects scenarios involving MAP-T or non-IP traffic encapsulated in IP, such as MPLS over GRE.

Impact Analysis

The primary impact of this vulnerability is a Denial-of-Service (DoS) condition on affected Junos OS MX Series devices.

When exploited, the device's Forwarding Plane Card (FPC) experiences a major error and resets, causing traffic disruption until the FPC automatically recovers.

This can lead to temporary loss of network availability and degraded service for users relying on the affected device.

Detection Guidance

This vulnerability can be detected by monitoring the system logs for specific error messages related to the Packet Forwarding Engine (pfe) on affected Juniper MX Series devices.

Look for log entries indicating an FPC major error and reset triggered by packet size miscalculation, such as:

  • fpc<#> CMError: /fpc/0/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_LI_INT_REG_UNROLL_TAIL_LENGTH_OVF (0x2205eb), scope: pfe, category: functional, severity: major, module: MQSS(0), type: LI: Unroll TAIL length overflow
  • fpc<#> Performing action reset-fru for error /fpc/0/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_LI_INT_REG_UNROLL_TAIL_LENGTH_OVF (0x2205eb) in module: MQSS(0) with scope: pfe category: functional level: major

To detect these logs, you can use Junos OS CLI commands such as 'show log messages | match MQSS_CMERROR_LI_INT_REG_UNROLL_TAIL_LENGTH_OVF' or monitor the system log for FPC resets.

Mitigation Strategies

The immediate mitigation step is to upgrade the Junos OS on affected MX Series devices to a fixed version that addresses this vulnerability.

  • Upgrade to Junos OS version 23.2R2-S6 or later if using 23.2 versions.
  • Upgrade to 23.4R2-S7 or later if using 23.4 versions.
  • Upgrade to 24.2R2-S4 or later if using 24.2 versions.
  • Upgrade to 24.4R2-S4 or later if using 24.4 versions.
  • Upgrade to 25.2R2 or later if using 25.2 versions.

Until the upgrade can be applied, consider monitoring for the described error logs and FPC resets to detect exploitation attempts and minimize impact.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57019. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart