Vulnerability

CERT-In Vulnerability Note CIVN-2026-0054
Denial of Service Vulnerability in Juniper SRX

Original Issue Date:January 29, 2026

Severity Rating: HIGH

Software Affected

Junos OS on the SRX Series:

all versions before 21.4R3-S12,
from 22.4 before 22.4R3-S8,
from 23.2 before 23.2R2-S5,
from 23.4 before 23.4R2-S5,
from 24.2 before 24.2R2-S3,
from 24.4 before 24.4R2-S1,
from 25.2 before 25.2R1-S1, 25.2R2.

Overview

A Vulnerability has been reported in Juniper SRX devices by sending a crafted ICMP packet over a GRE tunnel, causing the PFE to crash and restart.

Target Audience:
Network administrators, security engineers, SOC analysts, and IT operations teams responsible for managing and securing Juniper SRX Series firewalls running Junos OS.

Risk Assessment:
High risks of service interruption and unauthorized access.

Impact Assessment:
Potential impact on confidentiality, integrity and availability of the system.

Description

This vulnerability exists in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS running on SRX Series devices due to improper handling of exceptional conditions within the PFE. An unauthenticated, network-based attacker can exploit this vulnerability by sending a specially crafted ICMP packet through a GRE tunnel, causing the PFE to crash and restart.

Successful exploitation of this vulnerability could allow a system crash and disruption of packet forwarding.

Workaround

Disable GRE performance acceleration via "deactivate security flow gre-performance-acceleration"
Disable PMI via "set security flow power-mode-disable"

Solution

Apply appropriate updates as mentioned in:
The following software releases have been updated to resolve this specific issue: Junos OS 21.4R3-S12, 22.4R3-S8, 23.2R2-S5, 23.4R2-S5, 24.2R2-S3, 24.4R2-S1, 25.2R1-S1, 25.2R2, 25.4R1, and all subsequent releases.

Vendor Information

Juniper
https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-Series-With-GRE-performance-acceleration-enabled-receipt-of-a-specific-ICMP-packet-causes-the-PFE-to-crash-CVE-2026-21906

References

CVE Name
CVE-2026-21906

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Email: info@cert-in.org.in
Phone: +91-11-22902657

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India