CVE-2026-21917
Published: 15 January 2026
Summary
CVE-2026-21917 is a high-severity Improper Validation of Syntactic Correctness of Input (CWE-1286) vulnerability in Juniper Networks Junos OS on SRX Series. Its CVSS v3.1 base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It ranks at the 10.6th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
Threat & Defense Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A remote, unauthenticated attacker sends a malformed SSL packet to the public-facing SRX web-filtering service and triggers an FPC crash and restart (Exploit Public-Facing Application, T1190); the impact maps directly to Endpoint Denial of Service: Application or System Exploitation (T1499.004).
NVD Description
An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX device configured for UTM Web-Filtering receives a specifically malformed SSL packet, this will cause an FPC crash and restart. This issue affects Junos OS on SRX Series:
* 23.2 versions from 23.2R2-S2 before 23.2R2-S5,
* 23.4 versions from 23.4R2-S1 before 23.4R2-S5,
* 24.2 versions before 24.2R2-S2,
* 24.4 versions before 24.4R1-S3, 24.4R2.
Earlier versions of Junos are also affected, but no fix is available.
Deeper analysis
CVE-2026-21917 is an Improper Validation of Syntactic Correctness of Input vulnerability (CWE-1286) in the Web-Filtering module of Juniper Networks Junos OS on SRX Series devices. When an SRX device is configured for UTM Web-Filtering, a specifically malformed SSL packet received by the device causes an FPC crash and restart, resulting in a Denial-of-Service (DoS) condition. The vulnerability affects Junos OS versions 23.2 from 23.2R2-S2 before 23.2R2-S5, 23.4 from 23.4R2-S1 before 23.4R2-S5, 24.2 before 24.2R2-S2, and 24.4 before 24.4R1-S3 or 24.4R2; earlier versions are also affected but have no available fix. It has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
An unauthenticated, network-based attacker can exploit this vulnerability by sending a malformed SSL packet to an affected SRX device with UTM Web-Filtering enabled; no privileges or user interaction are required. Successful exploitation leads to an FPC crash and restart, disrupting traffic processing on the device until the FPC recovers. Consistent with the vector (C:N/I:N/A:H), the impact is limited to availability.
Juniper's security advisory JSA105996, detailed at https://kb.juniper.net/JSA105996 and https://supportportal.juniper.net/JSA105996, recommends upgrading to a fixed release as the primary mitigation: Junos OS 23.2R2-S5 or later, 23.4R2-S5 or later, 24.2R2-S2 or later, 24.4R1-S3 or later, or 24.4R2 or later. The advisory specifies no workaround for affected versions that have no fixed release.
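The affected-range list and the upgrade guidance above are easy to misread by hand because Junos releases carry a train (23.4), a release number (R2) and a service release (-S3). The following script, an added example and not Juniper's or the advisory's own code, encodes the ranges exactly as the page states them and evaluates a device against them. It assumes that the "Junos:" line of `show version` output and the `show configuration security utm | display set` format look as shown in the constructed samples, that a `utm-policy` entry referencing `web-filtering` is what "configured for UTM Web-Filtering" means in practice, and that "earlier versions" in the advisory means every train before 23.2; all of these are assumptions, not facts from the page.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Junos release strings look like "23.4R2-S3" or "23.4R2-S3.9"; the trailing
# build number (".9") does not matter for the advisory's ranges and is ignored.
_JUNOS_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")


def parse_junos(version: str) -> Tuple[int, int, int, int]:
    """Return (major, minor, R, S) for a Junos release; S is 0 when absent."""
    m = _JUNOS_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version string: {version!r}")
    major, minor, r, s = m.groups()
    return int(major), int(minor), int(r), int(s or 0)


# Affected ranges exactly as the advisory text states them, keyed by train.
# first: release where the affected range starts (None = from the start of the
# train); fixed: releases in that train that carry the fix.
AFFECTED = {
    (23, 2): ("23.2R2-S2", ["23.2R2-S5"]),
    (23, 4): ("23.4R2-S1", ["23.4R2-S5"]),
    (24, 2): (None, ["24.2R2-S2"]),
    (24, 4): (None, ["24.4R1-S3", "24.4R2"]),
}
OLDEST_LISTED_TRAIN = (23, 2)


@dataclass
class Assessment:
    version: str
    affected: bool
    fixed_in: Optional[str]  # fixed release(s) in the same train, if any
    reason: str


def assess(version: str) -> Assessment:
    """Classify one Junos release against the CVE-2026-21917 affected ranges."""
    v = parse_junos(version)
    train = v[:2]
    if train < OLDEST_LISTED_TRAIN:
        # Assumption: "earlier versions are also affected, but no fix is
        # available" is read as every train before 23.2.
        return Assessment(version, True, None,
                          "train earlier than 23.2: affected, no fixed release available")
    if train not in AFFECTED:
        return Assessment(version, False, None,
                          "train not listed in the advisory's affected ranges")
    first, fixed = AFFECTED[train]
    fixed_str = " or ".join(fixed)
    if v >= min(parse_junos(f) for f in fixed):
        return Assessment(version, False, fixed_str, f"at or after fixed release {fixed_str}")
    if first is not None and v < parse_junos(first):
        return Assessment(version, False, fixed_str,
                          f"before {first}, where the affected range starts")
    return Assessment(version, True, fixed_str, f"affected; upgrade to {fixed_str} or later")


def junos_version_from_show_version(text: str) -> str:
    """Pull the release out of 'show version' output (assumed 'Junos: X' line)."""
    m = re.search(r"^Junos:\s+(\S+)", text, re.MULTILINE)
    if not m:
        raise ValueError("no 'Junos:' line found in show version output")
    return m.group(1)


def web_filtering_configured(config_set_text: str) -> bool:
    """True if a UTM policy referencing web-filtering exists in 'display set' output.
    Assumption: this is taken as the page's precondition 'configured for UTM Web-Filtering'."""
    return re.search(r"^set security utm utm-policy \S+ web-filtering ",
                     config_set_text, re.MULTILINE) is not None


def exposure(show_version_text: str, config_set_text: str) -> dict:
    """Combine the version check and the configuration check into one verdict."""
    a = assess(junos_version_from_show_version(show_version_text))
    wf = web_filtering_configured(config_set_text)
    return {
        "version": a.version,
        "version_affected": a.affected,
        "web_filtering_configured": wf,
        "exposed": a.affected and wf,
        "fixed_in": a.fixed_in,
        "reason": a.reason,
    }


# Constructed sample outputs (not captured from a real device) so this runs offline.
SAMPLE_SHOW_VERSION = """\
Hostname: srx-edge-01
Model: srx345
Junos: 23.4R2-S3.9
JUNOS Software Release [23.4R2-S3.9]
"""

SAMPLE_CONFIG_SET = """\
set security utm feature-profile web-filtering juniper-enhanced profile WF-PROFILE default log-and-permit
set security utm utm-policy UTM-POLICY web-filtering http-profile WF-PROFILE
set security policies from-zone trust to-zone untrust policy allow-web then permit application-services utm-policy UTM-POLICY
"""

if __name__ == "__main__":
    for ver in ["22.4R3-S2", "23.4R1", "23.4R2-S3", "24.4R1-S2", "24.4R2", "25.2R1"]:
        a = assess(ver)
        print(f"{ver:12} affected={a.affected!s:5} {a.reason}")
    print(exposure(SAMPLE_SHOW_VERSION, SAMPLE_CONFIG_SET))
```

Two points from the range logic are worth keeping in mind when triaging: a device is only exposed when both the release is in range and web-filtering is actually configured, and within the 23.2 and 23.4 trains the affected range starts at a service release (23.2R2-S2, 23.4R2-S1), so an older release of those trains is not flagged. Trains the advisory does not list are reported as not affected rather than guessed at.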
Details
- CWE(s): CWE-1286 (Improper Validation of Syntactic Correctness of Input)