Cyber Resilience

CVE-2026-21906

High

Published: 15 January 2026

Modified: 23 January 2026
CVSS v4 score: 8.7
CVSS v4 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:C/RE:M/U:Red
EPSS score: 0.0050 (38.7th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-21906 is a high-severity Improper Handling of Exceptional Conditions (CWE-755) vulnerability in Juniper Junos. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 38.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-11 (Error Handling).

Deeper analysis

CVE-2026-21906 is an Improper Handling of Exceptional Conditions vulnerability (CWE-755) in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series devices. It affects configurations where PowerMode IPsec (PMI) and GRE performance acceleration are enabled. PMI is enabled by default and provides IPsec performance improvements via Vector Packet Processing. The issue impacts specific SRX platforms and the following Junos OS versions: all versions prior to 21.4R3-S12, from 22.4 prior to 22.4R3-S8, from 23.2 prior to 23.2R2-S5, from 23.4 prior to 23.4R2-S5, from 24.2 prior to 24.2R2-S3, from 24.4 prior to 24.4R2-S1, and from 25.2 prior to 25.2R1-S1 and 25.2R2. The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

An unauthenticated network-based attacker can exploit this vulnerability by sending a specific ICMP packet through a GRE tunnel to the affected device, causing the PFE to crash and restart. This results in a temporary loss of traffic forwarding capability on the device.

Juniper's security advisory JSA106005, available at kb.juniper.net/JSA106005 and supportportal.juniper.net/JSA106005, details the affected versions and recommends upgrading to a supported release that addresses the issue, such as 21.4R3-S12 or later fixed versions in the listed branches. Additional documentation on PowerMode IPsec is at juniper.net/documentation/us/en/software/junos/vpn-ipsec/topics/topic-map/security-powermode-ipsec-vpn.html.
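The affected-release list above can be checked mechanically against the version a device reports. This is an added example, not code from Juniper or from this page's source: the function names are hypothetical, and branches the page does not list (22.1 to 22.3, or anything after 25.2) are reported as "unlisted" rather than guessed.

```python
import re

# First fixed release per branch as (R number, S number), transcribed from
# the affected-version list on this page.
FIXED = {
    (21, 4): (3, 12),  # 21.4R3-S12
    (22, 4): (3, 8),   # 22.4R3-S8
    (23, 2): (2, 5),   # 23.2R2-S5
    (23, 4): (2, 5),   # 23.4R2-S5
    (24, 2): (2, 3),   # 24.2R2-S3
    (24, 4): (2, 1),   # 24.4R2-S1
    (25, 2): (1, 1),   # 25.2R1-S1 (25.2R2 sorts after it, so it is also fixed)
}

# Matches the leading "<major>.<minor>R<n>[-S<n>]" part; a trailing spin
# number such as ".3" is ignored.
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?")


def parse_junos_version(version):
    """Return ((major, minor), (R, S)); S is 0 when there is no service release."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version string: {version!r}")
    major, minor, r, s = m.groups()
    return (int(major), int(minor)), (int(r), int(s or 0))


def cve_2026_21906_status(version):
    """Classify a release string as 'affected', 'fixed' or 'unlisted'."""
    branch, build = parse_junos_version(version)
    if branch in FIXED:
        return "affected" if build < FIXED[branch] else "fixed"
    if branch < (21, 4):
        # Covered by "all versions before 21.4R3-S12".
        return "affected"
    # Assumption: the page gives no fixed release for this branch, so the
    # advisory has to be consulted instead of inferring a result.
    return "unlisted"


if __name__ == "__main__":
    # Constructed sample versions, not taken from any real inventory.
    for v in ("21.4R3-S11", "21.4R3-S12", "25.2R1", "25.2R2", "22.2R3"):
        print(v, cve_2026_21906_status(v))
```

An "affected" result covers the release only; exposure also requires an SRX platform with PMI and GRE performance acceleration enabled, as described above.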

Vulnerability details

An Improper Handling of Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated network-based attacker sending a specific ICMP packet through a GRE tunnel to cause the PFE to crash and restart. When PowerMode IPsec (PMI) and GRE performance acceleration are enabled and the device receives a specific ICMP packet, a crash occurs in the SRX PFE, resulting in traffic loss. PMI is enabled by default, and GRE performance acceleration can be enabled by running the configuration command shown below. PMI is a mode of operation that provides IPsec performance improvements using Vector Packet Processing. Note that PMI with GRE performance acceleration is only supported on specific SRX platforms.

This issue affects Junos OS on the SRX Series:
* all versions before 21.4R3-S12,
* from 22.4 before 22.4R3-S8,
* from 23.2 before 23.2R2-S5,
* from 23.4 before 23.4R2-S5,
* from 24.2 before 24.2R2-S3,
* from 24.4 before 24.4R2-S1,
* from 25.2 before 25.2R1-S1, 25.2R2.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1499.004 Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Crafted ICMP packet over GRE triggers PFE crash/restart, directly enabling DoS via application/system exploitation on network device.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-33790 · Same product: Juniper Junos
CVE-2026-21920 · Same product: Juniper Junos
CVE-2026-21917 · Same product: Juniper Junos
CVE-2026-21914 · Same product: Juniper Junos
CVE-2026-21905 · Same product: Juniper Junos
CVE-2026-21918 · Same product: Juniper Junos
CVE-2026-33778 · Same product: Juniper Junos
CVE-2024-39564 · Same product: Juniper Junos
CVE-2025-21598 · Same product: Juniper Junos
CVE-2025-60003 · Same product: Juniper Junos

Affected Assets

juniper
junos
21.4, 22.4, 23.2, 23.4, 24.2 · ≤ 21.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the vulnerability by requiring timely application of vendor patches to fix the improper exception handling in the PFE for specific ICMP packets through GRE tunnels.

prevent

Addresses the core CWE-755 improper handling of exceptional conditions by ensuring the PFE processes malformed ICMP packets without crashing.

prevent

Protects the SRX Series PFE from denial-of-service crashes triggered by crafted ICMP packets in GRE tunnels with PMI enabled.
