Main Vulnerability Database SB2026012014

SB2026012014 - Incorrect Initialization of Resource in Juniper Junos OS

Published: January 20, 2026

Security Bulletin ID SB2026012014

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Incorrect Initialization of Resource (CVE-ID: CVE-2026-21913)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect initialization of resource error in the Internal Device Manager (IDM). A remote non-authenticated attacker can cause a Denial-of-Service (DoS).

On EX4000 models with 48 ports (EX4000-48T, EX4000-48P, EX4000-48MP) a high volume of traffic destined to the device will cause an FXPC crash and restart, which leads to a complete service outage until the device has automatically restarted.

Remediation

Install update from vendor's website.

References

https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-EX4000-A-high-volume-of-traffic-destinated-to-the-device-leads-to-a-crash-and-restart-CVE-2026-21913