SB2026070850 - Improper restriction of communication channel to intended endpoints in Junos OS Evolved



SB2026070850 - Improper restriction of communication channel to intended endpoints in Junos OS Evolved

Published: July 8, 2026

Security Bulletin ID SB2026070850
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Improper restriction of communication channel to intended endpoints (CVE-ID: CVE-2026-57028)

CWE-ID: CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The vulnerability exists due to improper restriction of communication channel to intended endpoints error. A remote non-authenticated attacker can cause license exhaustion.

Due to an incorrect initialization, a process which should only be able to communicate internally within the device, can be reached over the network via an open port.

This leads to unauthorized access to the license management.


Remediation

Install update from vendor's website.