Skip to main content

Junos OS CVE-2026-57020

| EUVDEUVD-2026-42707 HIGH
Improper Check for Unusual or Exceptional Conditions (CWE-754)
2026-07-09 juniper GHSA-vhf9-x75x-qgv5
7.1
CVSS 4.0 · Vendor: juniper
Share

Severity by source

Vendor (juniper) PRIMARY
7.1 MEDIUM
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:X
vuln.today AI
6.5 MEDIUM

Adjacent Layer 2 access needed (AV:A) with no auth or interaction (PR:N/UI:N); impact is pure availability from link saturation (A:H, C:N/I:N), no base scope change.

3.1 AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Primary rating from Vendor (juniper).

CVSS VectorVendor: juniper

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:X
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

7
Patch available
Jul 09, 2026 - 23:02 EUVD
Analysis Updated
Jul 09, 2026 - 22:35 vuln.today
v3 (cvss_changed)
Analysis Updated
Jul 09, 2026 - 22:33 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jul 09, 2026 - 22:22 vuln.today
cvss_changed
Severity Changed
Jul 09, 2026 - 22:22 NVD
MEDIUM HIGH
CVSS changed
Jul 09, 2026 - 22:22 NVD
6.5 (MEDIUM) 7.1 (HIGH)
Analysis Generated
Jul 09, 2026 - 22:16 vuln.today

DescriptionCVE.org

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on QFX10000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).

On all QFX10000 platforms in an EVPN-VxLAN scenario, if an attacker sends IPv6 multicast traffic and these packets reach the non-IRB interface of a spine switch it floods the packet to other spines and all Ethernet Segment Identifier (ESI) leaf switches. This flooding causes the packet to be forwarded in a endless loop, which can lead to saturation of the involved links and in turn impact to legitimate traffic.

This issue affects Junos OS on QFX10000 Series:

  • all versions before 23.2R2-S7,
  • 23.4 versions before 23.4R2-S8,
  • 24.2 versions before 24.2R2-S4,
  • 24.4 versions before 24.4R2-S4.

This issue does not affect Junos version after 24.4 as the QFX10000 Series devices are not supported on newer versions anymore.

AnalysisAI

Denial-of-service in Juniper Networks Junos OS on QFX10000 Series switches allows an unauthenticated, adjacent (Layer 2) attacker to saturate data-center links by injecting IPv6 multicast traffic in an EVPN-VxLAN fabric. When such packets reach a non-IRB interface of a spine switch, the packet-forwarding engine floods them to other spines and all ESI leaf switches, creating an endless forwarding loop that starves legitimate traffic. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain Layer 2 adjacency in EVPN-VxLAN fabric
Delivery
Craft IPv6 multicast packets
Exploit
Send to spine non-IRB interface
Execution
PFE floods to spines and ESI leaves
Persist
Endless forwarding loop saturates links
Impact
Legitimate traffic denied

Vulnerability AssessmentAI

Exploitation Exploitation requires a QFX10000 Series switch running an affected Junos OS release and deployed in an EVPN-VxLAN scenario. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor CVSS 4.0 vector (AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L, score 7.1) describes a pure availability impact with no confidentiality or integrity loss, reachable without authentication or user interaction but only from an adjacent network position - the attacker must already have Layer 2 reachability to a spine's non-IRB interface inside the EVPN-VxLAN fabric. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with Layer 2 adjacency inside an EVPN-VxLAN data-center fabric (for example, from a compromised host, rogue leaf-connected device, or misconfigured port) sends crafted IPv6 multicast frames toward a non-IRB interface of a QFX10000 spine. The PFE floods the frames to peer spines and all ESI leaf switches and re-loops them endlessly, saturating fabric links and degrading or dropping legitimate traffic. …
Remediation Upgrade Junos OS on QFX10000 Series to a fixed release: 23.2R2-S7 or later, 23.4R2-S8 or later, 24.2R2-S4 or later, or 24.4R2-S4 or later, per Juniper advisory JSA110080 (https://supportportal.juniper.net/JSA110080). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all QFX10000 Series switches deployed in EVPN-VxLAN environments and assess Layer 2 network access risks from adjacent network segments. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-57026 HIGH
8.7 Jul 09

Denial-of-service in Juniper Networks Junos OS on MX Series (with SPC3) and SRX Series devices allows an unauthenticated

CVE-2026-57023 HIGH
8.7 Jul 09

Remote denial of service in Juniper Networks Junos OS on MX Series (with SPC3) and SRX Series firewalls lets an unauthen

CVE-2026-57022 HIGH
8.2 Jul 09

Denial-of-service in the Packet Forwarding Engine (PFE) of Juniper Junos OS on MX (with SPC3) and SRX-series firewalls l

CVE-2026-57030 HIGH
8.2 Jul 09

Denial-of-service in Juniper Networks Junos OS on SRX Series devices lets an unauthenticated, network-based attacker exh

CVE-2026-57032 HIGH
7.1 Jul 09

Denial-of-service in Juniper Networks Junos OS on EX Series switches (EX2300, EX3400, EX4000, EX4100, EX4400) lets a low

CVE-2026-57027 HIGH
7.1 Jul 09

Denial-of-service in Juniper Junos OS on EX4100 and EX4400 Series switches allows an unauthenticated adjacent attacker t

CVE-2026-57019 HIGH
7.1 Jul 09

Denial-of-service in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series routers lets an unauth

CVE-2026-57021 MEDIUM
6.9 Jul 09

Out-of-bounds write in the Juniper Networks Junos OS http-gatekeeper (http-gk) process on SRX Series firewalls crashes t

CVE-2026-57024 MEDIUM
6.9 Jul 09

Repeated IKE negotiation failures on Juniper Junos OS (MX with SPC3 and SRX Series) cause a peer index rollover that ass

CVE-2026-57054 MEDIUM
6.9 Jul 09

Web filtering bypass on Juniper Networks Junos OS MX Series exposes downstream resources to unauthenticated network atta

CVE-2026-57025 MEDIUM
6.8 Jul 09

Denial-of-service in Juniper Networks Junos OS and Junos OS Evolved on EX Series, QFX Series, and MX Series allows a loc

CVE-2026-33802 MEDIUM
6.8 Jul 09

Junos OS on Juniper EX Series access switches exposes a missing authorization flaw in the CLI that allows any locally au

Share

CVE-2026-57020 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy