SB2026070851 - Improper handling of undefined parameters in Junos OS
Published: July 8, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Improper handling of undefined parameters (CVE-ID: CVE-2026-57032)
CWE-ID: CWE-236 - Improper Handling of Undefined Parameters
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper handling of undefined parameters error in the packet forwarding engine (pfe). A remote user can cause a Denial-of-Service (DoS).
If an attempt is made to subscribe to an unsupported telemetry sensor path on EX2300, EX3400, EX4000, EX4100 and EX4400 via gRPC, this causes the FPC to crash.
This leads to a complete service outage until the module has automatically restarted.
Remediation
Install update from vendor's website.