Improper handling of undefined parameters in Junos OS - CVE-2026-57032

 

Improper handling of undefined parameters in Junos OS - CVE-2026-57032

Published: July 8, 2026


Vulnerability identifier: #VU137137
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-57032
CWE-ID: CWE-236
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Juniper Networks, Inc.
Affected software:
Junos OS

Detailed vulnerability description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper handling of undefined parameters error in the packet forwarding engine (pfe). A remote user can cause a Denial-of-Service (DoS).

If an attempt is made to subscribe to an unsupported telemetry sensor path on EX2300, EX3400, EX4000, EX4100 and EX4400 via gRPC, this causes the FPC to crash.

This leads to a complete service outage until the module has automatically restarted.


How to mitigate CVE-2026-57032

Install updates from vendor's website.

Sources