← Back to CVEs
CVE-2026-21918
HIGH7.5
Description
A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On all SRX and MX Series platforms, when during TCP session establishment a specific sequence of packets is encountered a double free happens. This causes flowd to crash and the respective FPC to restart. This issue affects Junos OS on SRX and MX Series: * all versions before 22.4R3-S7, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R2.
CVE Details
CVSS v3.1 Score7.5
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published1/15/2026
Last Modified1/23/2026
Sourcenvd
Honeypot Sightings0
Affected Products
juniper:junosjuniper:mx10004juniper:mx10008juniper:mx2008juniper:mx2010juniper:mx2020juniper:mx204juniper:mx240juniper:mx304juniper:mx480juniper:mx960juniper:srx1500juniper:srx1600juniper:srx2300juniper:srx300juniper:srx320juniper:srx340juniper:srx345juniper:srx380juniper:srx4100juniper:srx4120juniper:srx4200juniper:srx4300juniper:srx4600juniper:srx4700juniper:srx5400juniper:srx5600juniper:srx5800
Weaknesses (CWE)
CWE-415
References
https://kb.juniper.net/JSA106018(sirt@juniper.net)
https://supportportal.juniper.net/JSA106018(sirt@juniper.net)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.