CVE-2026-21920
HIGHJuniper Junos OS SRX Series 23.4-23.4R2, 24.2-24.2R2, 24.4-24.4R2 - Unauthenticated Denial-of-Service via DNS Request
Title source: llmDescription
An Unchecked Return Value vulnerability in the DNS module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX Series device configured for DNS processing, receives a specifically formatted DNS request flowd will crash and restart, which causes a service interruption until the process has recovered. This issue affects Junos OS on SRX Series: * 23.4 versions before 23.4R2-S5, * 24.2 versions before 24.2R2-S1, * 24.4 versions before 24.4R2. This issue does not affect Junos OS versions before 23.4R1.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
https://supportportal.juniper.net/JSA106020
Vendor Advisory vendor-advisory
https://kb.juniper.net/JSA106020
Scores
CVSS v3
7.5
EPSS
0.0044
EPSS Percentile
34.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-252
Status
published
Products (3)
juniper/junos
23.4 (9 CPE variants)
juniper/junos
24.2 (5 CPE variants)
juniper/junos
24.4 (4 CPE variants)
Published
Jan 15, 2026
Tracked Since
Feb 18, 2026