Race condition in Junos OS Evolved - CVE-2026-57029

 

Race condition in Junos OS Evolved - CVE-2026-57029

Published: July 8, 2026


Vulnerability identifier: #VU137149
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-57029
CWE-ID: CWE-362
Exploitation vector: Adjecent network
Exploit availability: No public exploit available
Vendor: Juniper Networks, Inc.
Affected software:
Junos OS Evolved

Detailed vulnerability description

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to missing synchronization in the flow collector handler when handling changes in sFlow collector reachability. A remote attacker can trigger reachability changes to cause a denial of service.

At least one sFlow collector must be configured for the issue to be exposed, and the crash impacts traffic forwarding until the automatic process restart completes.


How to mitigate CVE-2026-57029

Install security update from vendor's website.

Sources