CVE-2026-21905
Published: 15 January 2026
Summary
CVE-2026-21905 is a high-severity Infinite Loop (CWE-835) vulnerability in Juniper Junos. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 4.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability enables remote unauthenticated exploitation of a public-facing SIP ALG service on network devices (T1190) to trigger process crash via crafted input, resulting in endpoint DoS (T1499.004).
NVD Description
A Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the SIP application layer gateway (ALG) of Juniper Networks Junos OS on SRX Series and MX Series with MX-SPC3 or MS-MPC allows an unauthenticated network-based attacker sending specific SIP messages…
more
over TCP to crash the flow management process, leading to a Denial of Service (DoS). On SRX Series, and MX Series with MX-SPC3 or MS-MPC service cards, receipt of multiple SIP messages causes the SIP headers to be parsed incorrectly, eventually causing a continuous loop and leading to a watchdog timer expiration, crashing the flowd process on SRX Series and MX Series with MX-SPC3, or mspmand process on MX Series with MS-MPC. This issue only occurs over TCP. SIP messages sent over UDP cannot trigger this issue. This issue affects Junos OS on SRX Series and MX Series with MX-SPC3 and MS-MPC: * all versions before 21.2R3-S10, * from 21.4 before 21.4R3-S12, * from 22.4 before 22.4R3-S8, * from 23.2 before 23.2R2-S5, * from 23.4 before 23.4R2-S6, * from 24.2 before 24.2R2-S3, * from 24.4 before 24.4R2-S1, * from 25.2 before 25.2R1-S1, 25.2R2.
Deeper analysisAI
CVE-2026-21905 is a Loop with Unreachable Exit Condition (infinite loop) vulnerability, classified under CWE-835, in the Session Initiation Protocol (SIP) application layer gateway (ALG) of Juniper Networks Junos OS. It affects SRX Series devices and MX Series routers equipped with MX-SPC3 or MS-MPC service cards. The vulnerability arises when the SIP ALG incorrectly parses multiple SIP headers in messages received over TCP, leading to a continuous parsing loop that triggers a watchdog timer expiration. This crashes the flowd process on SRX Series and MX Series with MX-SPC3, or the mspmand process on MX Series with MS-MPC. The issue does not affect SIP messages over UDP and has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Vulnerable versions include all releases prior to 21.2R3-S10, and specific ranges in the 21.4, 22.4, 23.2, 23.4, 24.2, 24.4, and 25.2 series.
An unauthenticated, network-based attacker can exploit this vulnerability by sending crafted SIP messages over TCP to a vulnerable device. Receipt of multiple such messages triggers the infinite loop in the SIP ALG, causing the flow management process to crash and resulting in a Denial of Service (DoS) condition. The crash disrupts traffic processing on the affected service cards, potentially impacting SIP-related traffic forwarding until the process restarts.
Juniper Security Advisory JSA106004, available at kb.juniper.net/JSA106004 and supportportal.juniper.net/JSA106004, details the affected versions and recommends upgrading to a fixed release, such as 21.2R3-S10 or later non-vulnerable versions in the specified series, to mitigate the issue. No workarounds are mentioned in the provided information.
Details
- CWE(s)