CVE-2026-21905

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS on SRX Series and MX Series with MX-SPC3 or MS-MPC versions prior to 21.2R3-S10 Juniper Networks Junos OS on SRX Series and MX Series with MX-SPC3 or MS-MPC versions 21.4 through 21.4R3-S12 Juniper Networks Junos OS on SRX Series and MX Series with MX-SPC3 or MS-MPC versions 22.4 through 22.4R3-S8 Juniper Networks Junos OS on SRX Series and MX Series with MX-SPC3 or MS-MPC versions 23.2 through 23.2R2-S5 Juniper Networks Junos OS on SRX Series and MX Series with MX-SPC3 or MS-MPC versions 23.4 through 23.4R2-S6 Juniper Networks Junos OS on SRX Series and MX Series with MX-SPC3 or MS-MPC versions 24.2 through 24.2R2-S3 Juniper Networks Junos OS on SRX Series and MX Series with MX-SPC3 or MS-MPC versions 24.4 through 24.4R2-S1 Juniper Networks Junos OS on SRX Series and MX Series with MX-SPC3 or MS-MPC versions 25.2 through 25.2R1-S1, 25.2R2

Description An issue exists in the SIP application layer gateway (ALG) of Juniper Networks Junos OS on SRX Series and MX Series with MX-SPC3 or MS-MPC. Specifically, a loop with an unreachable exit condition can occur when processing specific SIP messages over TCP. This can lead to a crash of the flow management process, resulting in a Denial of Service (DoS). The issue arises from incorrect parsing of SIP headers when multiple SIP messages are received. This causes a continuous loop and ultimately a watchdog timer expiration, crashing the flowd process on SRX Series and MX Series with MX-SPC3, or the mspmand process on MX Series with MS-MPC. The issue is only triggered by SIP messages sent over TCP; UDP messages are not affected.

Recommendations Update to Junos OS version 21.2R3-S10 or later. Update to Junos OS version 21.4R3-S12 or later. Update to Junos OS version 22.4R3-S8 or later. Update to Junos OS version 23.2R2-S5 or later. Update to Junos OS version 23.4R2-S6 or later. Update to Junos OS version 24.2R2-S3 or later. Update to Junos OS version 24.4R2-S1 or later. Update to Junos OS version 25.2R1-S1 or later. Update to Junos OS version 25.2R2 or later.