PT-2026-3130 · Juniper Networks · MX Series +2

Published: 2026-01-14 · Updated: 2026-01-16 · CVE-2026-21918

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Juniper Networks Junos OS versions prior to 22.4R3-S7
Juniper Networks Junos OS versions 23.2 before 23.2R2-S3
Juniper Networks Junos OS versions 23.4 before 23.4R2-S4
Juniper Networks Junos OS versions 24.2 before 24.2R2

Description

A Double Free issue exists in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series devices. An unauthenticated, network-based attacker can trigger a Denial-of-Service (DoS) condition by sending a specific sequence of packets during TCP session establishment. This sequence causes a double free, leading to a crash of the flowd daemon and a restart of the Flexible Packet Processing (FPC).

Recommendations

Upgrade to Junos OS version 22.4R3-S7 or later.
Upgrade to Junos OS version 23.2R2-S3 or later.
Upgrade to Junos OS version 23.4R2-S4 or later.
Upgrade to Junos OS version 24.2R2 or later.
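
The affected ranges and fixed releases listed above can be checked against a device inventory. The following is an added example, not part of the advisory or vendor tooling: the hostnames and inventory releases are constructed, the parser handles only the `R`/`-S` release form used in this entry, and release trains the entry does not mention are reported as `not-listed` rather than guessed.

```python
import re

# Fixed releases per release train, as listed in the advisory.
FIXED = {(22, 4): "22.4R3-S7", (23, 2): "23.2R2-S3",
         (23, 4): "23.4R2-S4", (24, 2): "24.2R2"}

# Matches e.g. 22.4R3-S7, 23.4R1.9, 24.2R2; other formats are not guessed at.
_RELEASE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")

def parse(release):
    """Return ((major, minor), (R, S)), or None if the string is not understood."""
    m = _RELEASE.match(release.strip())
    if not m:
        return None
    major, minor, r, s = m.groups()
    return (int(major), int(minor)), (int(r), int(s or 0))

def triage(release):
    """Classify one release string: affected, fixed, not-listed or unknown."""
    parsed = parse(release)
    if parsed is None:
        return "unknown"        # unrecognised format, review manually
    train, level = parsed
    if train in FIXED:
        return "affected" if level < parse(FIXED[train])[1] else "fixed"
    if train < min(FIXED):
        return "affected"       # "versions prior to 22.4R3-S7"
    return "not-listed"         # train not mentioned in the advisory

# Constructed inventory: hypothetical hostnames and release strings.
INVENTORY = {
    "srx-edge-01": "22.4R3-S6",
    "srx-edge-02": "22.4R3-S7.5",
    "mx-core-01": "21.4R3-S10",
    "mx-core-02": "23.4R1.9",
    "mx-core-03": "24.2R2",
    "mx-lab-01": "24.4R1",
}

def needs_upgrade(inventory):
    """Hosts whose release falls inside an affected range."""
    return sorted(h for h, rel in inventory.items() if triage(rel) == "affected")

if __name__ == "__main__":
    for host, rel in sorted(INVENTORY.items()):
        print(f"{host:12} {rel:12} {triage(rel)}")
```
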

Fix

Double Free

Weakness Enumeration

Related Identifiers

BDU:2026-00458
CVE-2026-21918

Affected Products

Junos
MX Series
SRX Series