SB2026070869 - Denial of service in Junos OS Evolved
Published: July 8, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Race condition (CVE-ID: CVE-2026-57029)
CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to missing synchronization in the flow collector handler when handling changes in sFlow collector reachability. A remote attacker can trigger reachability changes to cause a denial of service.
At least one sFlow collector must be configured for the issue to be exposed, and the crash impacts traffic forwarding until the automatic process restart completes.
Remediation
Install update from vendor's website.