SB2026070867 - Improper URL filtration in Junos OS
Published: July 8, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Use of Incorrectly-Resolved Name or Reference (CVE-ID: CVE-2026-57054)
CWE-ID: CWE-706 - Use of Incorrectly-Resolved Name or Reference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to bypass web filtering and access downstream resources that should be unreachable.
The vulnerability exists due to use of incorrectly-resolved name or reference in the URL filtering plugin when processing specifically formatted URLs. A remote attacker can send a request with a specifically formatted URL to bypass web filtering and access downstream resources that should be unreachable.
Only MX Series devices configured with web filtering for specific URLs are exposed.
Remediation
Install update from vendor's website.