Improper restriction of communication channel to intended endpoints in Junos OS Evolved - CVE-2026-57028

 

Improper restriction of communication channel to intended endpoints in Junos OS Evolved - CVE-2026-57028

Published: July 8, 2026


Vulnerability identifier: #VU137136
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-57028
CWE-ID: CWE-923
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Juniper Networks, Inc.
Affected software:
Junos OS Evolved

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The vulnerability exists due to improper restriction of communication channel to intended endpoints error. A remote non-authenticated attacker can cause license exhaustion.

Due to an incorrect initialization, a process which should only be able to communicate internally within the device, can be reached over the network via an open port.

This leads to unauthorized access to the license management.


How to mitigate CVE-2026-57028

Install updates from vendor's website.

Sources