CVE-2026-21914

HIGH EPSS 21.5%

Published Jan 15, 20265mo ago · Modified Jun 17, 20261w ago

8.7 CVSS 4.0

High

Published Jan 15, 2026 5mo ago

Last Modified Jun 17, 2026 1w ago

Description

An Improper Locking vulnerability in the GTP plugin of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (Dos). If an SRX Series device receives a specifically malformed GPRS Tunnelling Protocol (GTP) Modify Bearer Request message, a lock is acquired and never released. This results in other threads not being able to acquire a lock themselves, causing a watchdog timeout leading to FPC crash and restart. This issue leads to a complete traffic outage until the device has automatically recovered. This issue affects Junos OS on SRX Series: * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S5, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S3, * 24.4 versions before 24.4R2-S2, * 25.2 versions before 25.2R1-S1, 25.2R2.

CVSS Details

Base Score

8.7

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

21.5% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-667

Affected Products 68

Vendor	Product	Version	Range
juniper	junos	*	<22.4
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	24.2	any
juniper	junos	24.2	any
juniper	junos	24.2	any
juniper	junos	24.2	any
juniper	junos	24.2	any
juniper	junos	24.2	any
juniper	junos	24.2	any
juniper	junos	24.4	any
juniper	junos	24.4	any
juniper	junos	24.4	any
juniper	junos	24.4	any
juniper	junos	24.4	any
juniper	junos	24.4	any
juniper	junos	25.2	any
juniper	junos	25.2	any
juniper	junos	25.2	any
juniper	srx1500	*	any
juniper	srx1600	*	any
juniper	srx2300	*	any
juniper	srx300	*	any
juniper	srx320	*	any
juniper	srx340	*	any
juniper	srx345	*	any
juniper	srx380	*	any
juniper	srx4100	*	any
juniper	srx4120	*	any
juniper	srx4200	*	any
juniper	srx4300	*	any
juniper	srx4600	*	any
juniper	srx4700	*	any
juniper	srx5400	*	any
juniper	srx5600	*	any
juniper	srx5800	*	any

References 2

kb.juniper.net https://kb.juniper.net/JSA106015

Vendor Advisory
supportportal.juniper.net https://supportportal.juniper.net/JSA106015

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.