CVE-2026-57030
Undergoing Analysis Undergoing Analysis - In Progress

Race Condition in Juniper Networks Junos OS on SRX Series

Vulnerability report for CVE-2026-57030, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-10

Assigner: Juniper Networks, Inc.

Description

A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). As part of the stateful traffic processing on SRX Series devices flows are being established, and removed when not needed anymore. During the removal process the timeout of a flow should be set to 3 seconds and consequentially the flow should be removed shortly after. Due to a race condition occurring when setting the timeout there is a chance (the exact conditions are outside the attackers control) that the timeout is instead set to a very high value of larger than 10,000 seconds: user@host> show security flow session | match timeout Session ID: 98784248524, Policy name: PROD-FLOW/4, HA State: Active, Timeout: 85250, Session State: Valid This will lead to an accumulation of flows which can be observed by an ever-increasing value of invalidated sessions in the output of 'show security flow session summary': user@host> show security flow session summary | match invalid Invalidated sessions: 216931These sessions can't be cleared manually with the 'clear security flow session' command, which will either lead to forwarding to stop (and the system needs to be manually recovered with a reboot) or to a flowd core and automatic reboot. This issue affects Junos OS on SRX Series: * 24.2 versions before 24.2R2-S3, * 24.4 versions before 24.4R2-S1, 24.4R2-S2, * 25.2Β versionsΒ before 25.2R1-S2, 25.2R2. This issue does not affect releases earlier than 24.2R1;

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-10
Generated
2026-07-11
AI Q&A
2026-07-10
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 5 associated CPEs
Vendor Product Version / Range
juniper junios to 24.2R2-S3 (exc)
juniper junios to 24.4R2-S1 (exc)
juniper junios 24.4R2-S2
juniper junios to 25.2R1-S2 (exc)
juniper junios 25.2R2

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-362 The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a race condition in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series devices. It occurs during the removal of network flows, where the timeout for a flow should be set to 3 seconds before removal. However, due to improper synchronization, the timeout can instead be set to a very high value (greater than 10,000 seconds).

As a result, flows accumulate because they are not removed as expected. These invalidated sessions cannot be cleared manually, which can cause the forwarding process to stop or cause the system to crash and reboot automatically.

Impact Analysis

The vulnerability can lead to a Denial-of-Service (DoS) condition on affected Junos OS SRX Series devices. Because flows are not properly removed, the system accumulates invalidated sessions, which can overwhelm the device.

This can cause network traffic forwarding to stop, requiring a manual system reboot to recover, or it can cause the flowd process to crash and trigger an automatic reboot, disrupting network availability.

Detection Guidance

This vulnerability can be detected by monitoring the flow session timeouts and the number of invalidated sessions on Juniper SRX Series devices running affected Junos OS versions.

  • Use the command 'show security flow session | match timeout' to identify sessions with unusually high timeout values (greater than 10,000 seconds).
  • Use the command 'show security flow session summary | match invalid' to observe the number of invalidated sessions accumulating.

An increasing number of invalidated sessions that cannot be cleared manually indicates the presence of this race condition vulnerability.

Mitigation Strategies

Immediate mitigation involves upgrading the Junos OS on SRX Series devices to a fixed version that addresses this race condition.

  • Upgrade to Junos OS versions 24.2R2-S3 or later for the 24.2 branch.
  • Upgrade to versions 24.4R2-S1 or later for the 24.4 branch.
  • Upgrade to versions 25.2R1-S2 or later for the 25.2 branch.

Until the upgrade is applied, monitor the flow sessions closely to detect abnormal behavior and be prepared to manually reboot the device if forwarding stops or flowd crashes occur.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57030. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart