Double Free Vulnerability in Juniper Networks Junos OS on SRX and MX Series
CVE-2026-21918

8.7HIGH

Key Information:

Vendor

Juniper Networks
Status
Junos Os
Vendor
CVE Published:
15 January 2026

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2026-21918?

A double free vulnerability exists in the flow processing daemon ('flowd') of Juniper Networks Junos OS for SRX and MX Series devices. This issue arises during TCP session establishment when a specific sequence of packets is received, leading to a double free condition. An unauthenticated attacker can exploit this vulnerability to crash the flowd process, causing the corresponding Flexible PIC Concentrator (FPC) to restart and resulting in a Denial-of-Service (DoS) condition.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Junos OS SRX Series 0 < 22.4R3-S7

Junos OS SRX Series 23.2 < 23.2R2-S3

Junos OS SRX Series 23.4 < 23.4R2-S4

References

https://supportportal.juniper.net/JSA106018
vendor-advisory
https://kb.juniper.net/JSA106018
vendor-advisory

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.