Improper validation of specified quantity in input in Junos OS - CVE-2026-57019

 

Improper validation of specified quantity in input in Junos OS - CVE-2026-57019

Published: July 8, 2026


Vulnerability identifier: #VU137133
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-57019
CWE-ID: CWE-1284
Exploitation vector: Adjecent network
Exploit availability: No public exploit available
Vendor: Juniper Networks, Inc.
Affected software:
Junos OS

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper validation of specified quantity in input error in the Packet Forwarding Engine (pfe). A remote non-authenticated attacker can cause a Denial-of-Service (DoS).

 When a specific packet is received from device in the same broadcast domain, an affected system calculates the packet size incorrectly.

This causes further packet processing to fail, which triggers an FPC major error, resulting in a FPC reset impacting traffic until the FPC has automatically recovered.


How to mitigate CVE-2026-57019

Install updates from vendor's website.

Sources