Skip to main content

Junos OS MX Series EUVDEUVD-2026-42724

| CVE-2026-57054 MEDIUM
Use of Incorrectly-Resolved Name or Reference (CWE-706)
2026-07-09 juniper GHSA-h62j-crg6-gvwf
6.9
CVSS 4.0 · Vendor: juniper
Share

Severity by source

Vendor (juniper) PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X
vuln.today AI
5.8 MEDIUM

Network-based unauthenticated bypass with scope change to downstream systems; confidentiality low as filtered traffic reaches previously blocked resources; no integrity or availability impact confirmed.

3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N

Primary rating from Vendor (juniper).

CVSS VectorVendor: juniper

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Patch available
Jul 09, 2026 - 23:02 EUVD
Analysis Generated
Jul 09, 2026 - 22:30 vuln.today
CVSS changed
Jul 09, 2026 - 22:22 NVD
5.8 (MEDIUM) 6.9 (MEDIUM)

DescriptionCVE.org

A Use of Incorrectly-Resolved Name or Reference vulnerability in the URL filtering plugin of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass web filtering and access downstream resources that should be unreachable.

If an MX Series device is configured with web filtering, and an attacker sends a request with a specifically formatted URL, this request will get forwarded despite the system being configured to block it. In turn, an attacker can access downstream resources that are expected to be unreachable.

This issue affects Junos OS on MX Series:

  • all versions before 23.2R2-S7,
  • 23.4 versions before 23.4R2-S8,
  • 24.2 versions before 24.2R2-S5,
  • 24.4 versions before 24.4R2-S4,
  • 25.2 versions before 25.2R2-S1,
  • 25.4 versions before 25.4R1-S2, 25.4R2.

AnalysisAI

Web filtering bypass on Juniper Networks Junos OS MX Series exposes downstream resources to unauthenticated network attackers by allowing a specially formatted URL to evade the URL filtering plugin. The flaw stems from incorrect name or reference resolution (CWE-706), causing the router to forward traffic that security policy mandates be dropped. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify MX Series device handling target traffic
Delivery
Confirm web filtering policy blocks destination
Exploit
Craft specially formatted URL to trigger misresolution
Execution
Route HTTP/HTTPS request through MX device
Persist
URL filtering plugin misresolves reference and forwards traffic
Impact
Access previously blocked downstream resource

Vulnerability AssessmentAI

Exploitation Exploitation requires that the target MX Series device has the web filtering feature explicitly configured and active - devices not running web filtering are entirely unaffected by this vulnerability. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 base score of 6.9 from Juniper's vector (AV:N/AC:L/AT:N/PR:N/UI:N) signals low-complexity, network-accessible exploitation requiring no authentication or user interaction, and the AU:Y (Automatable) supplemental metric confirms scripted mass exploitation is feasible. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated attacker routes an HTTP or HTTPS request through an MX Series edge device that has web filtering enabled and a policy blocking the target destination. By crafting the request URL with specific formatting that triggers the URL filtering plugin's incorrect reference resolution, the attacker causes the filter to misidentify the destination and forward the traffic rather than blocking it, reaching an internal or restricted downstream resource. …
Remediation Upgrade Junos OS on MX Series to the vendor-confirmed fixed versions: 23.2R2-S7 or later, 23.4R2-S8 or later, 24.2R2-S5 or later, 24.4R2-S4 or later, 25.2R2-S1 or later, or 25.4R1-S2 / 25.4R2 or later, as specified in Juniper advisory JSA110093 (https://supportportal.juniper.net/JSA110093). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-57026 HIGH
8.7 Jul 09

Denial-of-service in Juniper Networks Junos OS on MX Series (with SPC3) and SRX Series devices allows an unauthenticated

CVE-2026-57023 HIGH
8.7 Jul 09

Remote denial of service in Juniper Networks Junos OS on MX Series (with SPC3) and SRX Series firewalls lets an unauthen

CVE-2026-57022 HIGH
8.2 Jul 09

Denial-of-service in the Packet Forwarding Engine (PFE) of Juniper Junos OS on MX (with SPC3) and SRX-series firewalls l

CVE-2026-57030 HIGH
8.2 Jul 09

Denial-of-service in Juniper Networks Junos OS on SRX Series devices lets an unauthenticated, network-based attacker exh

CVE-2026-57032 HIGH
7.1 Jul 09

Denial-of-service in Juniper Networks Junos OS on EX Series switches (EX2300, EX3400, EX4000, EX4100, EX4400) lets a low

CVE-2026-57027 HIGH
7.1 Jul 09

Denial-of-service in Juniper Junos OS on EX4100 and EX4400 Series switches allows an unauthenticated adjacent attacker t

CVE-2026-57020 HIGH
7.1 Jul 09

Denial-of-service in Juniper Networks Junos OS on QFX10000 Series switches allows an unauthenticated, adjacent (Layer 2)

CVE-2026-57019 HIGH
7.1 Jul 09

Denial-of-service in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series routers lets an unauth

CVE-2026-57021 MEDIUM
6.9 Jul 09

Out-of-bounds write in the Juniper Networks Junos OS http-gatekeeper (http-gk) process on SRX Series firewalls crashes t

CVE-2026-57024 MEDIUM
6.9 Jul 09

Repeated IKE negotiation failures on Juniper Junos OS (MX with SPC3 and SRX Series) cause a peer index rollover that ass

CVE-2026-57025 MEDIUM
6.8 Jul 09

Denial-of-service in Juniper Networks Junos OS and Junos OS Evolved on EX Series, QFX Series, and MX Series allows a loc

CVE-2026-33802 MEDIUM
6.8 Jul 09

Junos OS on Juniper EX Series access switches exposes a missing authorization flaw in the CLI that allows any locally au

Share

EUVD-2026-42724 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy