Improper Validation in Junos OS on MX Series by Juniper Networks
CVE-2026-57019

7.1HIGH

Key Information:

Status
Vendor
CVE Published:
9 July 2026

Badges

👾 Exploit Exists

What is CVE-2026-57019?

An input vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks' Junos OS on MX Series can lead to Denial-of-Service (DoS) conditions. When specific packets are processed from devices within the same broadcast domain, the affected system improperly calculates packet sizes. This miscalculation results in a failure of further packet processing, causing significant errors that trigger a critical reset of the Forwarding Plane Component (FPC). As a result, ongoing traffic is disrupted until automatic recovery takes place. This issue particularly affects scenarios involving MAP-T and non-IP traffic encapsulated in IP, such as MPLS over GRE. Relevant log messages indicate the major errors occurring within the system modules, showcasing the nature and scope of the impact.

Affected Version(s)

Junos OS MX Series 0 < 23.2R2-S6

Junos OS MX Series 23.4 < 23.4R2-S7

Junos OS MX Series 24.2 < 24.2R2-S4

References

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.