SB2026070851 - Improper handling of undefined parameters in Junos OS



SB2026070851 - Improper handling of undefined parameters in Junos OS

Published: July 8, 2026

Security Bulletin ID SB2026070851
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Improper handling of undefined parameters (CVE-ID: CVE-2026-57032)

CWE-ID: CWE-236 - Improper Handling of Undefined Parameters

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper handling of undefined parameters error in the packet forwarding engine (pfe). A remote user can cause a Denial-of-Service (DoS).

If an attempt is made to subscribe to an unsupported telemetry sensor path on EX2300, EX3400, EX4000, EX4100 and EX4400 via gRPC, this causes the FPC to crash.

This leads to a complete service outage until the module has automatically restarted.


Remediation

Install update from vendor's website.