VDB

GCVE-110-NCSC-2026-17

GCVE-110-NCSC-2026-17
Advisory PublishedCVSS 6.1/10
Vulnetix · Advisory published January 16, 2026
A clickjacking vulnerability in Juniper Networks Paragon Automation web portal, affecting all versions prior to 24.1.1, allows attackers to manipulate user interactions due to improper HTTP header settings.

Weaknesses (CWE)

CWE-1021Improper Restriction of Rendered UI Layers or FramesCWE-327Use of a Broken or Risky Cryptographic AlgorithmCWE-476NULL Pointer DereferenceCWE-755Improper Handling of Exceptional ConditionsCWE-121Stack-based Buffer OverflowCWE-667Improper LockingCWE-1286Improper Validation of Syntactic Correctness of InputCWE-252Unchecked Return ValueCWE-822Untrusted Pointer DereferenceCWE-754Improper Check for Unusual or Exceptional ConditionsCWE-732Incorrect Permission Assignment for Critical ResourceCWE-126Buffer Over-readCWE-416Use After FreeCWE-401Missing Release of Memory after Effective LifetimeCWE-665Improper InitializationCWE-682Incorrect CalculationCWE-1419Incorrect Initialization of ResourceCWE-367Time-of-check Time-of-use (TOCTOU) Race ConditionCWE-835Loop with Unreachable Exit Condition ('Infinite Loop')CWE-415Double Free

Risk Scores

CVSS 3.1
6.1/10
Medium · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products

VendorProductVersionsPlatforms
Juniper Networksvers:unknown/*

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

72,921 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›