CVE-2026-21906
Published: 15 January 2026
Summary
CVE-2026-21906 is a high-severity Improper Handling of Exceptional Conditions (CWE-755) vulnerability in Juniper Junos. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); it is ranked at the 5.3rd percentile for exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
Threat & Defense Details
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Provides defined handling (alert and additional actions) for the exceptional condition of audit logging failure.
- Supplies a concrete handling action (safe mode) for exceptional conditions, mitigating risks from improper or absent handling that could allow continued attacks.
- By preparing users for contingency scenarios, the control promotes proper handling of exceptional conditions instead of default or unsafe behaviors.
- An updated contingency plan defines current actions for exceptional conditions, reducing the window for attackers to exploit improper handling leading to system failure.
- Procedures ensure proper handling of exceptional conditions to support effective incident response.
- Incident response testing confirms proper handling of exceptional conditions to limit exploit impact.
- Gives users guidance on incident handling, reducing improper handling of exceptional conditions that could stem from exploited weaknesses.
- Enforces structured response to exceptional conditions so the system cannot remain in an unsafe state.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A crafted ICMP packet sent over GRE triggers a PFE crash and restart, directly enabling denial of service through application or system exploitation on the network device.
NVD Description
An Improper Handling of Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated network-based attacker sending a specific ICMP packet through a GRE tunnel to cause the PFE to crash and restart. When PowerMode IPsec (PMI) and GRE performance acceleration are enabled and the device receives a specific ICMP packet, a crash occurs in the SRX PFE, resulting in traffic loss. PMI is enabled by default, and GRE performance acceleration can be enabled by running the configuration command shown below. PMI is a mode of operation that provides IPsec performance improvements using Vector Packet Processing. Note that PMI with GRE performance acceleration is only supported on specific SRX platforms. This issue affects Junos OS on the SRX Series:
- all versions before 21.4R3-S12,
- from 22.4 before 22.4R3-S8,
- from 23.2 before 23.2R2-S5,
- from 23.4 before 23.4R2-S5,
- from 24.2 before 24.2R2-S3,
- from 24.4 before 24.4R2-S1,
- from 25.2 before 25.2R1-S1, 25.2R2.
Deeper analysis
CVE-2026-21906 is an Improper Handling of Exceptional Conditions vulnerability (CWE-755) in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series devices. It affects configurations where PowerMode IPsec (PMI) and GRE performance acceleration are both enabled; PMI is enabled by default and provides IPsec performance improvements via Vector Packet Processing, while GRE performance acceleration must be enabled explicitly. This issue impacts specific SRX platforms and the following Junos OS releases: all versions prior to 21.4R3-S12, from 22.4 prior to 22.4R3-S8, from 23.2 prior to 23.2R2-S5, from 23.4 prior to 23.4R2-S5, from 24.2 prior to 24.2R2-S3, from 24.4 prior to 24.4R2-S1, and from 25.2 prior to the fixed releases 25.2R1-S1 and 25.2R2. The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
An unauthenticated network-based attacker can exploit this vulnerability by sending a specific ICMP packet through a GRE tunnel to the affected device, causing the PFE to crash and restart. The result is a temporary loss of traffic forwarding on the device (availability impact only; no confidentiality or integrity impact is recorded).
Juniper's security advisory JSA106005, available at kb.juniper.net/JSA106005 and supportportal.juniper.net/JSA106005, details the affected versions and recommends upgrading to a supported release that addresses the issue, such as 21.4R3-S12 or later fixed versions in the listed branches. Additional documentation on PowerMode IPsec is at juniper.net/documentation/us/en/software/junos/vpn-ipsec/topics/topic-map/security-powermode-ipsec-vpn.html.
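The affected-version list above is the main input to patch triage, but Junos release strings (major.minor, an R release number, an optional -S service number) do not compare correctly as plain strings. The following script is an added example, not code from Juniper or from this page: it parses a Junos version string into a comparable tuple, applies the exact ranges stated in the NVD entry, and folds in the page's exposure condition (PMI on by default, GRE performance acceleration enabled explicitly). The version format it accepts and the `assess` status labels are this example's own assumptions.

```python
"""Triage helper for CVE-2026-21906: is a Junos OS (SRX) release in an affected range?

Added example, not Juniper's code. Assumes Junos version strings of the form
"<major>.<minor>R<release>[-S<service>][.<patch>]" (e.g. "22.4R3-S8", "25.2R2").
"""
import re
from typing import NamedTuple, Optional, Tuple


class JunosVersion(NamedTuple):
    major: int
    minor: int
    release: int  # the R number
    service: int  # the -S number, 0 when absent
    patch: int    # optional trailing ".n", 0 when absent


# Assumed format; "X" releases and other variants are rejected rather than guessed.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.(\d+))?$")


def parse_junos_version(text: str) -> JunosVersion:
    """Parse a Junos version string into a tuple that orders correctly."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version string: {text!r}")
    major, minor, release, service, patch = m.groups()
    return JunosVersion(int(major), int(minor), int(release),
                        int(service or 0), int(patch or 0))


# Affected ranges exactly as listed in the NVD entry for CVE-2026-21906:
# (branch, first fixed release). A branch of None means "all versions before".
AFFECTED_RANGES: Tuple[Tuple[Optional[Tuple[int, int]], str], ...] = (
    (None, "21.4R3-S12"),
    ((22, 4), "22.4R3-S8"),
    ((23, 2), "23.2R2-S5"),
    ((23, 4), "23.4R2-S5"),
    ((24, 2), "24.2R2-S3"),
    ((24, 4), "24.4R2-S1"),
    # NVD lists 25.2R1-S1 and 25.2R2 as fixed; 25.2R2 sorts after 25.2R1-S1,
    # so a single "before 25.2R1-S1" threshold covers the branch.
    ((25, 2), "25.2R1-S1"),
)


def is_affected(version_text: str) -> bool:
    """True when the release falls inside one of the ranges the advisory lists.

    Branches the advisory does not mention (e.g. 22.2) are reported as not
    affected, which is what the published list says; it is not an EOL check.
    """
    v = parse_junos_version(version_text)
    for branch, fixed in AFFECTED_RANGES:
        fixed_v = parse_junos_version(fixed)
        if branch is None:
            if v < fixed_v:
                return True
        elif (v.major, v.minor) == branch and v < fixed_v:
            return True
    return False


def assess(version_text: str, pmi_enabled: bool = True,
           gre_acceleration_enabled: bool = False) -> str:
    """Combine the version check with the page's exposure condition.

    Status labels are this example's own convention:
      not-affected        release is outside every listed range
      affected-exposed    affected release AND PMI + GRE acceleration enabled
      affected-dormant    affected release, but the crash precondition is not met;
                          still upgrade, since a later config change exposes it
    PMI defaults to enabled, as the advisory states.
    """
    if not is_affected(version_text):
        return "not-affected"
    if pmi_enabled and gre_acceleration_enabled:
        return "affected-exposed"
    return "affected-dormant"


if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    fleet = [("srx-edge-1", "21.4R3-S11", True), ("srx-edge-2", "22.4R3-S8", True),
             ("srx-dc-1", "24.4R1-S3", False), ("srx-lab", "25.2R1", True)]
    for name, ver, gre in fleet:
        print(f"{name:10} {ver:12} {assess(ver, gre_acceleration_enabled=gre)}")
```

Feed it the output of `show version` from an inventory system and route anything reported as `affected-exposed` to the top of the upgrade queue; `affected-dormant` devices still need the fixed release, because enabling GRE performance acceleration later would expose them without any further code change.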
Details
- CWE(s)