
[CIVN-2026-0054] Denial of Service Vulnerability in Juniper SRX
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
Junos OS on the SRX Series:
all versions before 21.4R3-S12,
from 22.4 before 22.4R3-S8,
from 23.2 before 23.2R2-S5,
from 23.4 before 23.4R2-S5,
from 24.2 before 24.2R2-S3,
from 24.4 before 24.4R2-S1,
from 25.2 before 25.2R1-S1, 25.2R2.
Overview
A vulnerability has been reported in Juniper SRX devices which could be exploited by sending a crafted ICMP packet over a GRE tunnel, causing the PFE to crash and restart.
Target Audience:
Network administrators, security engineers, SOC analysts, and IT operations teams responsible for managing and securing Juniper SRX Series firewalls running Junos OS.
Risk Assessment:
High risk of service interruption and unauthorized access.
Impact Assessment:
Potential impact on confidentiality, integrity and availability of the system.
Description
This vulnerability exists in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS running on SRX Series devices due to improper handling of exceptional conditions within the PFE. An unauthenticated, network-based attacker can exploit this vulnerability by sending a specially crafted ICMP packet through a GRE tunnel, causing the PFE to crash and restart.
Successful exploitation of this vulnerability could cause a system crash and disruption of packet forwarding.
Workaround
Disable GRE performance acceleration via 'deactivate security flow gre-performance-acceleration'
Disable PMI via 'set security flow power-mode-disable'
Solution
Apply appropriate updates as mentioned in:
The following software releases have been updated to resolve this specific issue: Junos OS 21.4R3-S12, 22.4R3-S8, 23.2R2-S5, 23.4R2-S5, 24.2R2-S3, 24.4R2-S1, 25.2R1-S1, 25.2R2, 25.4R1, and all subsequent releases.
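To check a device inventory against the affected and fixed release lists above, the following added example (not part of the CERT-In advisory or Juniper's bulletin) classifies a Junos OS version string. It assumes numeric ordering by release train, R number and S number; the names parse_junos and srx_status are hypothetical. It checks the version only, not whether GRE performance acceleration is configured.

```python
import re

# First fixed release per train as (R, S), taken from the advisory's list.
FIRST_FIXED = {
    (21, 4): (3, 12),
    (22, 4): (3, 8),
    (23, 2): (2, 5),
    (23, 4): (2, 5),
    (24, 2): (2, 3),
    (24, 4): (2, 1),
    (25, 2): (1, 1),  # 25.2R2 sorts after 25.2R1-S1, so it is covered too
}
OLDEST_LISTED = (21, 4)      # "all versions before 21.4R3-S12"
FIRST_CLEAN_TRAIN = (25, 4)  # "25.4R1, and all subsequent releases"

# Matches e.g. 23.4R2-S5.3: train, R number, optional -S number, optional build.
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")


def parse_junos(version):
    """Split a version string into ((major, minor), (R, S)); S defaults to 0."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version: {version!r}")
    major, minor, rel, svc = (int(g) if g else 0 for g in m.groups())
    return (major, minor), (rel, svc)


def srx_status(version):
    """Return 'affected', 'fixed' or 'unlisted' for an SRX Junos OS version."""
    train, release = parse_junos(version)
    if train < OLDEST_LISTED:
        return "affected"
    if train in FIRST_FIXED:
        return "affected" if release < FIRST_FIXED[train] else "fixed"
    if train >= FIRST_CLEAN_TRAIN:
        return "fixed"
    # Trains the advisory does not name (for example 22.1 to 22.3):
    # report them separately instead of guessing.
    return "unlisted"


if __name__ == "__main__":
    # Constructed sample inventory, not real device data.
    for v in ["20.4R3-S9", "21.4R3-S11.2", "23.4R2-S5", "25.2R1", "22.2R3-S2"]:
        print(f"{v:16} {srx_status(v)}")
```

Versions reported as unlisted belong to trains the advisory does not name and need a manual check against the vendor bulletin.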
Vendor Information
Juniper
https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-Series-With-GRE-performance-acceleration-enabled-receipt-of-a-specific-ICMP-packet-causes-the-PFE-to-crash-CVE-2026-21906
References
Juniper
https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-Series-With-GRE-performance-acceleration-enabled-receipt-of-a-specific-ICMP-packet-causes-the-PFE-to-crash-CVE-2026-21906
CVE Name
CVE-2026-21906
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


