PT-2026-56980 · Juniper Networks · Junos

Published

2026-07-09

·

Updated

2026-07-09

·

CVE-2026-57026

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Junos OS on MX Series with SPC3 and SRX Series versions prior to 23.2R2-S7 Junos OS on MX Series with SPC3 and SRX Series versions 23.4 prior to 23.4R2-S8 Junos OS on MX Series with SPC3 and SRX Series versions 24.2 prior to 24.2R2-S5 Junos OS on MX Series with SPC3 and SRX Series versions 24.4 prior to 24.4R2-S4 Junos OS on MX Series with SPC3 and SRX Series versions 25.2 prior to 25.2R2 Junos OS on MX Series with SPC3 and SRX Series versions 25.4 prior to 25.4R1-S2
Description An improper validation of syntactic correctness of input in the SIP plugin allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When the SIP ALG (Application Layer Gateway) is enabled, the processing of a malformed SIP invite packet causes the flow processing daemon flowd to crash and restart, resulting in a complete service outage until the system automatically recovers.
Recommendations Update to version 23.2R2-S7 or later. Update to version 23.4R2-S8 or later. Update to version 24.2R2-S5 or later. Update to version 24.4R2-S4 or later. Update to version 25.2R2 or later. Update to version 25.4R1-S2 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-57026

Affected Products

Junos