SB2026070847 - Improper validation of specified quantity in input in Junos OS



SB2026070847 - Improper validation of specified quantity in input in Junos OS

Published: July 8, 2026

Security Bulletin ID SB2026070847
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Adjecent network
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Improper validation of specified quantity in input (CVE-ID: CVE-2026-57019)

CWE-ID: CWE-1284 - Improper Validation of Specified Quantity in Input

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper validation of specified quantity in input error in the Packet Forwarding Engine (pfe). A remote non-authenticated attacker can cause a Denial-of-Service (DoS).

 When a specific packet is received from device in the same broadcast domain, an affected system calculates the packet size incorrectly.

This causes further packet processing to fail, which triggers an FPC major error, resulting in a FPC reset impacting traffic until the FPC has automatically recovered.


Remediation

Install update from vendor's website.