๐Ÿ” CVE Alert

CVE-2026-57026

HIGH 7.5

Junos OS: MX Series with SPC3, SRX Series: Processing of a specifically malformed SIP invite causes a flowd crash

CVSS Score
7.5
EPSS Score
0.5%
EPSS Percentile
37th

An Improper Validation of Syntactic Correctness of Input vulnerability in the SIP plugin of Juniper Networks Junos OS on MX Series with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).If the SIP ALG is enabled on an affected device, the processing of a malformed SIP invite packet will cause a flow processing daemon (flowd) crash and restart. This leads to a complete service outage until the system has automatically recovered. This issue affects Junos OS on MX Series with SPC3 and SRX Series: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S8, * 24.2 versions before 24.2R2-S5, * 24.4 versions before 24.4R2-S4, * 25.2 versions before 25.2R2, * 25.4 versions before 25.4R1-S2.

CWE CWE-1286
Vendor juniper networks
Product junos os
Published Jul 9, 2026
Last Updated Jul 10, 2026
Stay Ahead of the Next One

Get instant alerts for juniper networks junos os

Be the first to know when new high vulnerabilities affecting juniper networks junos os are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Affected Versions

Juniper Networks / Junos OS
0 < 23.2R2-S7 23.4 < 23.4R2-S8 24.2 < 24.2R2-S5 24.4 < 24.4R2-S4 25.2 < 25.2R2 25.4 < 25.4R1-S2

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
supportportal.juniper.net: https://supportportal.juniper.net/JSA110086