CVE-2026-57020
Undergoing Analysis Undergoing Analysis - In Progress

Denial-of-Service in Juniper Networks Junos OS on QFX10000 Series

Vulnerability report for CVE-2026-57020, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-10

Assigner: Juniper Networks, Inc.

Description

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on QFX10000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). On all QFX10000 platforms in an EVPN-VxLAN scenario, if an attacker sends IPv6 multicast traffic and these packets reach the non-IRB interface of a spine switch it floods the packet to other spines and all Ethernet Segment Identifier (ESI)Β leaf switches. This flooding causes the packet to be forwarded in a endless loop, which can lead to saturation of the involved links and in turn impact to legitimate traffic. This issue affects Junos OS on QFX10000 Series: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S8, * 24.2 versions before 24.2R2-S4, * 24.4 versions before 24.4R2-S4. This issue does not affect Junos version after 24.4 as the QFX10000 Series devices are not supported on newer versions anymore.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-10
Generated
2026-07-11
AI Q&A
2026-07-10
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 4 associated CPEs
Vendor Product Version / Range
juniper junoss to 23.2r2-s7 (exc)
juniper junoss to 23.4r2-s8 (exc)
juniper junoss to 24.2r2-s4 (exc)
juniper junoss to 24.4r2-s4 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-754 The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an Improper Check for Unusual or Exceptional Conditions in the packet forwarding engine (pfe) of Juniper Networks Junos OS on QFX10000 Series devices. It allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS) by sending IPv6 multicast traffic in an EVPN-VxLAN scenario. When these packets reach the non-IRB interface of a spine switch, they are flooded to other spine and leaf switches, causing an endless loop of packet forwarding. This loop saturates network links and disrupts legitimate traffic.

Mitigation Strategies

To mitigate this vulnerability, ensure that your Junos OS on QFX10000 Series devices are updated to a fixed version. Specifically, upgrade to one of the following versions or later:

  • 23.2R2-S7 or later
  • 23.4R2-S8 or later
  • 24.2R2-S4 or later
  • 24.4R2-S4 or later

If you are running versions after 24.4, note that QFX10000 Series devices are no longer supported on those versions.

Impact Analysis

The impact of this vulnerability is a Denial-of-Service (DoS) condition on the affected network devices. The endless loop of packet forwarding caused by the vulnerability can saturate network links, leading to degraded or completely disrupted legitimate network traffic. This can affect network availability and performance for users relying on the QFX10000 Series devices in an EVPN-VxLAN environment.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57020. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart