CVE-2026-21914
Published: 15 January 2026
Summary
CVE-2026-21914 is a high-severity Improper Locking (CWE-667) vulnerability in Juniper Junos. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 2.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Malformed GTP packet triggers improper lock leading to crash; directly enables remote exploitation of public-facing service for endpoint DoS.
NVD Description
An Improper Locking vulnerability in the GTP plugin of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (Dos). If an SRX Series device receives a specifically malformed GPRS Tunnelling Protocol (GTP) Modify…
more
Bearer Request message, a lock is acquired and never released. This results in other threads not being able to acquire a lock themselves, causing a watchdog timeout leading to FPC crash and restart. This issue leads to a complete traffic outage until the device has automatically recovered. This issue affects Junos OS on SRX Series: * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S5, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S3, * 24.4 versions before 24.4R2-S2, * 25.2 versions before 25.2R1-S1, 25.2R2.
Deeper analysisAI
CVE-2026-21914 is an Improper Locking vulnerability (CWE-667) in the GTP plugin of Juniper Networks Junos OS on SRX Series devices. It affects all versions prior to 22.4R3-S8, 23.2 versions before 23.2R2-S5, 23.4 versions before 23.4R2-S6, 24.2 versions before 24.2R2-S3, 24.4 versions before 24.4R2-S2, and 25.2 versions before 25.2R1-S1 or 25.2R2. The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and was published on 2026-01-15.
An unauthenticated, network-based attacker can exploit this vulnerability by sending a specifically malformed GPRS Tunnelling Protocol (GTP) Modify Bearer Request message to an SRX Series device. This causes a lock to be acquired and never released in the GTP plugin, preventing other threads from acquiring the lock, which triggers a watchdog timeout. The result is an FPC crash and restart, leading to a complete traffic outage until the device automatically recovers, effectively causing a Denial-of-Service (DoS).
Juniper's security advisory JSA106015, available at kb.juniper.net/JSA106015 and supportportal.juniper.net/JSA106015, details the issue and confirms that it is resolved in the listed patched versions of Junos OS on SRX Series devices. Security practitioners should upgrade affected systems to these versions to mitigate the vulnerability.
Details
- CWE(s)