CVE-2026-21918
HIGHJuniper Junos < 22.4 - Double Free
Title source: ruleDescription
A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On all SRX and MX Series platforms, when during TCP session establishment a specific sequence of packets is encountered a double free happens. This causes flowd to crash and the respective FPC to restart. This issue affects Junos OS on SRX and MX Series: * all versions before 22.4R3-S7, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R2.
Scores
CVSS v3
7.5
EPSS
0.0002
EPSS Percentile
3.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Classification
CWE
CWE-415
Status
published
Affected Products (34)
juniper/junos
< 22.4
juniper/junos
juniper/junos
juniper/junos
juniper/junos
juniper/junos
juniper/junos
juniper/junos
juniper/junos
juniper/junos
juniper/junos
juniper/junos
juniper/junos
juniper/junos
juniper/junos
... and 19 more
Timeline
Published
Jan 15, 2026
Tracked Since
Feb 18, 2026