CVE-2026-57032
Undergoing Analysis Undergoing Analysis - In Progress

Denial-of-Service in Juniper Junos OS on EX Series

Vulnerability report for CVE-2026-57032, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-10

Assigner: Juniper Networks, Inc.

Description

An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on EX Series devices allows an authenticated attacker with low privileges to cause a Denial-of-Service (DoS). If an attempt is made to subscribe to an unsupported telemetry sensor path on EX2300,Β EX3400,Β EX4000, EX4100 and EX4400 via gRPC, this causes the FPC to crash. This leads to a complete service outage until the module has automatically restarted.Β  The following log message can be seen when this issue happens: agentd[<PID>]: AGENTD_RESOURCE_NOT_FOUND: No resource name found for <sensor> This issue affects Junos OS on EX2300, EX3400, EX4000, EX4100 and EX4400 devices: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S8, * 24.2 versions before 24.2R2-S5, * 24.4 versions before 24.4R2.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-10
Generated
2026-07-11
AI Q&A
2026-07-10
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 4 associated CPEs
Vendor Product Version / Range
juniper_networks junos_os to 23.2R2-S7 (exc)
juniper_networks junos_os to 23.4R2-S8 (exc)
juniper_networks junos_os to 24.2R2-S5 (exc)
juniper_networks junos_os to 24.4R2 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-236 The product does not handle or incorrectly handles when a particular parameter, field, or argument name is not defined or supported by the product.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an Improper Handling of Undefined Parameters in the packet forwarding engine (pfe) of Juniper Networks Junos OS on EX Series devices.

Specifically, when an authenticated attacker with low privileges attempts to subscribe to an unsupported telemetry sensor path on certain EX Series devices via gRPC, it causes the Flexible PIC Concentrator (FPC) to crash.

This crash leads to a Denial-of-Service (DoS) condition resulting in a complete service outage until the affected module automatically restarts.

  • Affected devices include EX2300, EX3400, EX4000, EX4100, and EX4400.
  • Affected software versions are all versions before 23.2R2-S7, 23.4 versions before 23.4R2-S8, 24.2 versions before 24.2R2-S5, and 24.4 versions before 24.4R2.
Impact Analysis

This vulnerability can cause a Denial-of-Service (DoS) on affected Juniper EX Series devices.

An authenticated attacker with low privileges can trigger a crash of the packet forwarding engine by subscribing to an unsupported telemetry sensor path, leading to a complete service outage.

The outage lasts until the affected module automatically restarts, potentially disrupting network operations and availability.

Detection Guidance

This vulnerability can be detected by monitoring the device logs for a specific error message that appears when the issue occurs.

  • Look for the log message: agentd[<PID>]: AGENTD_RESOURCE_NOT_FOUND: No resource name found for <sensor>

This log message indicates that an attempt was made to subscribe to an unsupported telemetry sensor path, which triggers the vulnerability.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade the Junos OS on affected devices to a fixed version.

  • Upgrade to Junos OS version 23.2R2-S7 or later if using 23.2 versions.
  • Upgrade to Junos OS version 23.4R2-S8 or later if using 23.4 versions.
  • Upgrade to Junos OS version 24.2R2-S5 or later if using 24.2 versions.
  • Upgrade to Junos OS version 24.4R2 or later if using 24.4 versions.

These upgrades address the improper handling of undefined parameters in the packet forwarding engine that causes the Denial-of-Service.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57032. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart