PT-2026-31806 · Juniper Networks · Junos+1

Published: 2026-04-09 · Updated: 2026-04-16 · CVE-2026-33790

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Juniper Networks Junos OS on SRX Series versions prior to 21.2R3-S10, all versions of 21.3, versions 21.4 through 21.4R3-S12, all versions of 22.1, versions 22.2 through 22.2R3-S8, all versions of 22.4, versions 22.4 through 22.4R3-S9, versions 23.2 through 23.2R2-S6, versions 23.4 through 23.4R2-S7, versions 24.2 through 24.2R2-S3, versions 24.4 through 24.4R2-S3, and versions 25.2 through 25.2R1-S2, 25.2R2.

Description

A flaw exists in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series. An attacker can send a specially crafted malformed ICMPv6 packet, particularly during NAT64 translation, to cause the srxpfe process to crash and restart. Repeated transmission of these packets can lead to a sustained Denial of Service (DoS) condition. This issue is not triggered by IPv4 or other IPv6 traffic.

Recommendations

Update to Junos OS version 21.2R3-S10 or later.
Update to Junos OS version 21.4R3-S12 or later.
Update to Junos OS version 22.2R3-S8 or later.
Update to Junos OS version 22.4R3-S9 or later.
Update to Junos OS version 23.2R2-S6 or later.
Update to Junos OS version 23.4R2-S7 or later.
Update to Junos OS version 24.2R2-S3 or later.
Update to Junos OS version 24.4R2-S3 or later.
Update to Junos OS version 25.2R1-S2 or later.

Fix

DoS

Improper Check for Exceptional Conditions

Weakness Enumeration

Related Identifiers

CVE-2026-33790

Affected Products

Junos
SRX Series