CVE-2026-21910

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions prior to 21.4R3-S12 Juniper Networks Junos OS version 22.2 Juniper Networks Junos OS versions 22.4 through 22.4R3-S8 Juniper Networks Junos OS versions 23.2 through 23.2R2-S5 Juniper Networks Junos OS versions 23.4 through 23.4R2-S5 Juniper Networks Junos OS versions 24.2 through 24.2R2-S3 Juniper Networks Junos OS versions 24.4 through 24.4R2

Description An issue exists in the packet forwarding engine (PFE) of Juniper Networks Junos OS on EX4k Series and QFX5k Series platforms. An unauthenticated network-adjacent attacker can cause traffic between VXLAN Network Identifiers (VNIs) to drop, resulting in a Denial of Service (DoS), by flapping an interface. This occurs in EVPN-VXLAN configurations with Link Aggregation Groups (LAGs), where a link flap leads to Inter-VNI traffic dropping when multiple load-balanced next-hop routes exist for the same destination. Affected platforms include QFX5110, QFX5120, QFX5200, EX4100, EX4300, EX4400, and EX4650. Service can only be restored by restarting the affected FPC via the 'request chassis fpc restart slot <slot-number>' command.

Recommendations Update to Junos OS version 21.4R3-S12 or later. Update to a version of Junos OS later than 22.2. Update to Junos OS version 22.4R3-S8 or later. Update to Junos OS version 23.2R2-S5 or later. Update to Junos OS version 23.4R2-S5 or later. Update to Junos OS version 24.2R2-S3 or later. Update to Junos OS version 24.4R2 or later.