CVE-2026-57029
Undergoing Analysis Undergoing Analysis - In Progress

Missing Synchronization DoS in Junos OS Evolved on QFX Series

Vulnerability report for CVE-2026-57029, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-10

Assigner: Juniper Networks, Inc.

Description

A Missing Synchronization vulnerability in the flow collector handler of Juniper Networks Junos OS Evolved on QFX Series allows an adjacent, unauthenticated attacker to cause a Denial-of-Service (DoS). When the reachability of an sFlow collector changes, the corresponding next-hop entry is updated. If this update occurs simultaneously with the sFlow thread accessing the next-hop data (which is outside the attackers control), it causes the evo-pfemand process to crash, impacting all traffic forwarding until the automatic process restart has completed. This issue affects Junos OS Evolved on QFX Series: * all 23.2 versions,  * 23.4 versions before 23.4R2-S7-EVO, * 24.2 versions before 24.2R2-S5-EVO, * 24.4 versions before 24.4R2-S3-EVO, * 25.2 versions before 25.2R2-EVO.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-10
Generated
2026-07-11
AI Q&A
2026-07-10
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 5 associated CPEs
Vendor Product Version / Range
juniper_networks junos_os_evolved 23.2
juniper_networks junos_os_evolved to 23.4R2-S7-EVO (exc)
juniper_networks junos_os_evolved to 24.2R2-S5-EVO (exc)
juniper_networks junos_os_evolved to 24.4R2-S3-EVO (exc)
juniper_networks junos_os_evolved to 25.2R2-EVO (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-820 The product utilizes a shared resource in a concurrent manner but does not attempt to synchronize access to the resource.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a Missing Synchronization issue in the flow collector handler of Juniper Networks Junos OS Evolved on QFX Series devices. It allows an adjacent, unauthenticated attacker to cause a Denial-of-Service (DoS) condition.

Specifically, when the reachability of an sFlow collector changes, the system updates the corresponding next-hop entry. If this update happens at the same time as the sFlow thread is accessing the next-hop data, it causes a process called evo-pfemand to crash. This crash disrupts all traffic forwarding until the process automatically restarts.

Impact Analysis

The main impact of this vulnerability is a Denial-of-Service (DoS) condition on affected Juniper QFX Series devices running Junos OS Evolved. An attacker adjacent to the device can trigger a crash of the evo-pfemand process, which handles traffic forwarding.

During the crash and subsequent automatic restart of this process, all traffic forwarding is impacted, potentially causing network outages or degraded network performance.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57029. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart