VDB

CVE-2026-21917

CVE-2026-21917 PUBLISHED CVSS 8.699999809265137 HIGH

An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX device configured for UTM Web-Filtering receives a specifically malformed SSL packet, this will cause an FPC crash and restart. This issue affects Junos OS on SRX Series: * 23.2 versions from 23.2R2-S2 before 23.2R2-S5,  * 23.4 versions from 23.4R2-S1 before 23.4R2-S5, * 24.2 versions before 24.2R2-S2, * 24.4 versions before 24.4R1-S3, 24.4R2. Earlier versions of Junos are also affected, but no fix is available.

EPSS 0.04% · 13.0th percentile

Risk Scores

CVSS v4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X
EPSS Score
0.04%
13.0th percentile

Affected Products

VendorProductVersions
juniperjunos23.2, 23.2, 23.2
Juniper NetworksJunos OS23.2R2-S2, 23.4R2-S1, 24.2

Timeline

  • Jan 15, 2026 CVE Published
  • Jan 15, 2026 PoC Published
  • Jan 15, 2026 PoC Published
  • Jan 15, 2026 PoC Published
  • Jan 16, 2026 EPSS Score
  • Jan 19, 2026 EPSS Score
  • Jan 22, 2026 EPSS Score
  • Jan 25, 2026 EPSS Score
  • Jan 27, 2026 EPSS Score
  • Jan 30, 2026 EPSS Score
  • Jan 30, 2026 CVE Updated
  • Feb 2, 2026 EPSS Score

References

…and 6 more

Open in Interactive Console →
$ Console Community · 100/wk Open console ›