CVE-2026-21920

216.73.217.22

· Published 15/01/2026 21:16 · Modified 16/01/2026 15:55

Labels: CVE-2026-21920 2026-01-15 CVE-2026-21920 CWE-252 [email protected]

Essential information

Published: 15/01/2026 21:16
Modified: 16/01/2026 15:55
Author: —
Creator: —
CVSS: 8.7 HIGH (v3) 8.7 HIGH (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

An Unchecked Return Value vulnerability in the DNS module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX Series device configured for DNS processing, receives a specifically formatted DNS request flowd will crash and restart, which causes a service interruption until the process has recovered. This issue affects Junos OS on SRX Series: * 23.4 versions before 23.4R2-S5, * 24.2 versions before 24.2R2-S1, * 24.4 versions before 24.4R2. This issue does not affect Junos OS versions before 23.4R1.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
juniper networks / junos	`cpe:2.3:o:juniper_networks:junos:23.4:<23.4R2-S5::::::`
juniper networks / junos	`cpe:2.3:o:juniper_networks:junos:24.2:<24.2R2-S1::::::`
juniper networks / junos	`cpe:2.3:o:juniper_networks:junos:24.4:<24.4R2::::::`