Skip to main content

Junos OS SRX CVE-2026-57021

| EUVDEUVD-2026-42708 MEDIUM
Out-of-bounds Write (CWE-787)
2026-07-09 juniper GHSA-h2m8-76wp-v324
6.9
CVSS 4.0 · Vendor: juniper
Share

Severity by source

Vendor (juniper) PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X
vuln.today AI
5.3 MEDIUM

Network-reachable with no auth or interaction required; DoS-only impact with auto-restart limits availability to Low; unchanged scope.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.0 AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (juniper).

CVSS VectorVendor: juniper

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Patch available
Jul 09, 2026 - 23:02 EUVD
CVSS changed
Jul 09, 2026 - 22:22 NVD
5.3 (MEDIUM) 6.9 (MEDIUM)
Analysis Generated
Jul 09, 2026 - 22:17 vuln.today

DescriptionCVE.org

An Out-of-bounds Write vulnerability in the http-gatekeeper (http-gk) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).

If an SRX Series device is configured for remote-access VPN with pre-logon compliance check, a network-based attacker sending specifically formatted requests can trigger an out of bounds write leading to an http-gk process crash. This crash leads to unavailability of all services depending on the [ system services web-management ] configuration (like J-Web, remote access VPN and firewall authentication) until the process automatically restarts.

This issue affects Junos OS on SRX Series:

  • 23.2 versions before 23.2R2-S7,
  • 23.4 versions before 23.4R2-S8,
  • 24.2 versions before 24.2R2-S4,
  • 24.4 versions before 24.4R2-S4,
  • 25.2 versions before 25.2R2,
  • 25.4 versions before 25.4R1-S1, 25.4R2.

AnalysisAI

Out-of-bounds write in the Juniper Networks Junos OS http-gatekeeper (http-gk) process on SRX Series firewalls crashes the process when handling crafted network requests, taking down all web-management-dependent services including J-Web, remote-access VPN, and firewall authentication until automatic process recovery. Exploitation is gated on a specific non-default configuration - remote-access VPN with pre-logon compliance check enabled - limiting the exposed population to SRX deployments that actively use this feature. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Identify SRX VPN endpoint with pre-logon check
Delivery
Craft malformed compliance-check HTTP request
Exploit
Send request to http-gk process
Install
Trigger out-of-bounds write in http-gk buffer
C2
http-gk process crashes
Execute
J-Web, VPN, and firewall auth unavailable
Impact
Repeat to sustain DoS through restarts

Vulnerability AssessmentAI

Exploitation Exploitation requires the target SRX Series device to be configured with remote-access VPN AND the pre-logon compliance check feature specifically enabled - this is a non-default configuration that must be deliberately provisioned. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 score of 5.3 (Medium) with vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L accurately captures the core risk profile: network-reachable, zero-complexity exploit with no authentication requirement, but impact is limited to temporary availability loss with no confidentiality or integrity exposure. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated external attacker identifies an SRX Series firewall exposing its remote-access VPN endpoint with pre-logon compliance check enabled, then sends a crafted HTTP request sequence designed to trigger the out-of-bounds write in http-gk. The daemon crashes, immediately terminating J-Web, remote-access VPN sessions, and firewall authentication for all users; the attacker can repeat the trigger request each time the process auto-restarts to maintain a continuous denial of service, blocking remote workforce access and administrative management of the firewall during the disruption period.
Remediation Upgrade Junos OS on affected SRX devices to a fixed release: 23.2R2-S7 or later in the 23.2 train, 23.4R2-S8 or later in the 23.4 train, 24.2R2-S4 or later in the 24.2 train, 24.4R2-S4 or later in the 24.4 train, 25.2R2 or later in the 25.2 train, or 25.4R1-S1 / 25.4R2 or later in the 25.4 train. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-57026 HIGH
8.7 Jul 09

Denial-of-service in Juniper Networks Junos OS on MX Series (with SPC3) and SRX Series devices allows an unauthenticated

CVE-2026-57023 HIGH
8.7 Jul 09

Remote denial of service in Juniper Networks Junos OS on MX Series (with SPC3) and SRX Series firewalls lets an unauthen

CVE-2026-57022 HIGH
8.2 Jul 09

Denial-of-service in the Packet Forwarding Engine (PFE) of Juniper Junos OS on MX (with SPC3) and SRX-series firewalls l

CVE-2026-57030 HIGH
8.2 Jul 09

Denial-of-service in Juniper Networks Junos OS on SRX Series devices lets an unauthenticated, network-based attacker exh

CVE-2026-57032 HIGH
7.1 Jul 09

Denial-of-service in Juniper Networks Junos OS on EX Series switches (EX2300, EX3400, EX4000, EX4100, EX4400) lets a low

CVE-2026-57027 HIGH
7.1 Jul 09

Denial-of-service in Juniper Junos OS on EX4100 and EX4400 Series switches allows an unauthenticated adjacent attacker t

CVE-2026-57020 HIGH
7.1 Jul 09

Denial-of-service in Juniper Networks Junos OS on QFX10000 Series switches allows an unauthenticated, adjacent (Layer 2)

CVE-2026-57019 HIGH
7.1 Jul 09

Denial-of-service in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series routers lets an unauth

CVE-2026-57024 MEDIUM
6.9 Jul 09

Repeated IKE negotiation failures on Juniper Junos OS (MX with SPC3 and SRX Series) cause a peer index rollover that ass

CVE-2026-57054 MEDIUM
6.9 Jul 09

Web filtering bypass on Juniper Networks Junos OS MX Series exposes downstream resources to unauthenticated network atta

CVE-2026-57025 MEDIUM
6.8 Jul 09

Denial-of-service in Juniper Networks Junos OS and Junos OS Evolved on EX Series, QFX Series, and MX Series allows a loc

CVE-2026-33802 MEDIUM
6.8 Jul 09

Junos OS on Juniper EX Series access switches exposes a missing authorization flaw in the CLI that allows any locally au

Share

CVE-2026-57021 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy