SB2026070869 - Denial of service in Junos OS Evolved



SB2026070869 - Denial of service in Junos OS Evolved

Published: July 8, 2026

Security Bulletin ID SB2026070869
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Adjecent network
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Race condition (CVE-ID: CVE-2026-57029)

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to missing synchronization in the flow collector handler when handling changes in sFlow collector reachability. A remote attacker can trigger reachability changes to cause a denial of service.

At least one sFlow collector must be configured for the issue to be exposed, and the crash impacts traffic forwarding until the automatic process restart completes.


Remediation

Install update from vendor's website.