CVE-2026-21920

HIGH

Juniper Junos - Denial of Service

Title source: rule

Description

An Unchecked Return Value vulnerability in the DNS module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX Series device configured for DNS processing, receives a specifically formatted DNS request flowd will crash and restart, which causes a service interruption until the process has recovered. This issue affects Junos OS on SRX Series: * 23.4 versions before 23.4R2-S5, * 24.2 versions before 24.2R2-S1, * 24.4 versions before 24.4R2. This issue does not affect Junos OS versions before 23.4R1.

References (2)

[Vendor Advisory] https://supportportal.juniper.net/JSA106020

[Vendor Advisory] https://kb.juniper.net/JSA106020

Scores

CVSS v3 7.5

EPSS 0.0002

EPSS Percentile 4.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-252

Status published

Products (3)

juniper/junos 23.4 (9 CPE variants)

juniper/junos 24.2 (5 CPE variants)

juniper/junos 24.4 (4 CPE variants)

Published Jan 15, 2026

Tracked Since Feb 18, 2026