CVE-2026-0203

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions prior to 21.2R3-S9 Juniper Networks Junos OS versions 21.4 before 21.4R3-S10 Juniper Networks Junos OS versions 22.2 before 22.2R3-S7 Juniper Networks Junos OS versions 22.3 before 22.3R3-S4 Juniper Networks Junos OS versions 22.4 before 22.4R3-S5 Juniper Networks Junos OS versions 23.2 before 23.2R2-S3 Juniper Networks Junos OS versions 23.4 before 23.4R2-S3 Juniper Networks Junos OS versions 24.2 before 24.2R1-S2, 24.2R2

Description An issue exists in the packet processing of Junos OS that can lead to a Denial of Service (DoS). An unauthenticated, network-adjacent attacker can send a specifically malformed ICMP packet, causing a Flexible Packet Processor (FPC) to crash and restart. The attack surface is limited to adjacent networks because upstream routers typically do not forward these malformed packets. This issue affects ICMPv4 only; ICMPv6 is not vulnerable. The vulnerability is triggered when an ICMP packet is received with a specifically malformed IP header value.

Recommendations Update to Junos OS version 21.2R3-S9 or later. Update to Junos OS version 21.4R3-S10 or later. Update to Junos OS version 22.2R3-S7 or later. Update to Junos OS version 22.3R3-S4 or later. Update to Junos OS version 22.4R3-S5 or later. Update to Junos OS version 23.2R2-S3 or later. Update to Junos OS version 23.4R2-S3 or later. Update to Junos OS version 24.2R1-S2 or later. Update to Junos OS version 24.2R2 or later.