SB2026070867 - Improper URL filtration in Junos OS



SB2026070867 - Improper URL filtration in Junos OS

Published: July 8, 2026

Security Bulletin ID SB2026070867
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Use of Incorrectly-Resolved Name or Reference (CVE-ID: CVE-2026-57054)

CWE-ID: CWE-706 - Use of Incorrectly-Resolved Name or Reference

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass web filtering and access downstream resources that should be unreachable.

The vulnerability exists due to use of incorrectly-resolved name or reference in the URL filtering plugin when processing specifically formatted URLs. A remote attacker can send a request with a specifically formatted URL to bypass web filtering and access downstream resources that should be unreachable.

Only MX Series devices configured with web filtering for specific URLs are exposed.


Remediation

Install update from vendor's website.