Cyber Resilience

CVE-2026-21917

High

Published: 15 January 2026

Published
15 January 2026
Modified
23 January 2026
KEV Added
Patch
CVSS Score v4 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X
EPSS Score 0.0037 29.2th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-21917 is a high-severity Improper Validation of Syntactic Correctness of Input (CWE-1286) vulnerability in Juniper Junos. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 29.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-21917 is an Improper Validation of Syntactic Correctness of Input vulnerability (CWE-1286) in the Web-Filtering module of Juniper Networks Junos OS on SRX Series devices. When an SRX device is configured for UTM Web-Filtering, it can be triggered by a specifically malformed SSL packet, causing an FPC crash and restart, resulting in a Denial-of-Service (DoS) condition. The vulnerability affects Junos OS versions 23.2 from 23.2R2-S2 before 23.2R2-S5, 23.4 from 23.4R2-S1 before 23.4R2-S5, 24.2 before 24.2R2-S2, and 24.4 before 24.4R1-S3 or 24.4R2; earlier versions are also affected but have no available fix. It has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

An unauthenticated, network-based attacker can exploit this vulnerability by sending a malformed SSL packet to an affected SRX device with UTM Web-Filtering enabled. Successful exploitation leads to an FPC crash and restart, disrupting network traffic processing on the device until recovery.

Juniper's security advisory JSA105996, detailed at https://kb.juniper.net/JSA105996 and https://supportportal.juniper.net/JSA105996, recommends upgrading to a fixed release as the primary mitigation: Junos OS 23.2R2-S5 or later, 23.4R2-S5 or later, 24.2R2-S2 or later, 24.4R1-S3 or later, or 24.4R2 or later. No workarounds are specified for affected versions lacking fixes.

EU & UK References

Vulnerability details

An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX device configured for UTM Web-Filtering receives…

more

a specifically malformed SSL packet, this will cause an FPC crash and restart. This issue affects Junos OS on SRX Series: * 23.2 versions from 23.2R2-S2 before 23.2R2-S5, * 23.4 versions from 23.4R2-S1 before 23.4R2-S5, * 24.2 versions before 24.2R2-S2, * 24.4 versions before 24.4R1-S3, 24.4R2. Earlier versions of Junos are also affected, but no fix is available.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Remote unauthenticated malformed SSL packet triggers FPC crash/DoS on public-facing SRX web-filtering service (T1190); maps directly to application/system exploitation for endpoint DoS (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-33778Same product: Juniper Junos
CVE-2026-21914Same product: Juniper Junos
CVE-2026-21906Same product: Juniper Junos
CVE-2026-33790Same product: Juniper Junos
CVE-2026-21920Same product: Juniper Junos
CVE-2026-21905Same product: Juniper Junos
CVE-2026-21918Same product: Juniper Junos
CVE-2024-39564Same product: Juniper Junos
CVE-2025-60003Same product: Juniper Junos
CVE-2025-21598Same product: Juniper Junos

Affected Assets

juniper
junos
23.2, 23.4, 24.2, 24.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the improper validation of syntactic correctness of input (CWE-1286) in the Web-Filtering module by requiring syntax, semantics, and content checks on malformed SSL packets.

prevent

Addresses the vulnerability through timely flaw remediation by applying vendor-recommended Junos OS patches to eliminate the input validation flaw.

prevent

Limits the effects of the network-based DoS attack causing FPC crashes by implementing protections against malformed packet-induced resource exhaustion or failures.

References