Use of Incorrectly-Resolved Name or Reference in Junos OS - CVE-2026-57054

 

Use of Incorrectly-Resolved Name or Reference in Junos OS - CVE-2026-57054

Published: July 8, 2026


Vulnerability identifier: #VU137147
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-57054
CWE-ID: CWE-706
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Juniper Networks, Inc.
Affected software:
Junos OS

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass web filtering and access downstream resources that should be unreachable.

The vulnerability exists due to use of incorrectly-resolved name or reference in the URL filtering plugin when processing specifically formatted URLs. A remote attacker can send a request with a specifically formatted URL to bypass web filtering and access downstream resources that should be unreachable.

Only MX Series devices configured with web filtering for specific URLs are exposed.


How to mitigate CVE-2026-57054

Install security update from vendor's website.

Sources