Improper Condition Check in Juniper Networks QFX10000 Series Packet Forwarding Engine
CVE-2026-57020
7.1HIGH
What is CVE-2026-57020?
A vulnerability exists in the packet forwarding engine of Juniper Networks' Junos OS on the QFX10000 Series, which allows an unauthenticated adjacent attacker to exploit this flaw. When IPv6 multicast traffic is sent to the non-IRB interface of a spine switch within an EVPN-VxLAN architecture, it may cause unintended packet flooding. This flooding results in an endless loop of packet forwarding to other spine switches and all associated Ethernet Segment Identifier leaf switches. The resultant saturation of network links can significantly disrupt legitimate traffic flow, leading to potential Denial-of-Service conditions.
Affected Version(s)
Junos OS QFX10000 Series 0 < 23.2R2-S7
Junos OS QFX10000 Series 23.4 < 23.4R2-S8
Junos OS QFX10000 Series 24.2 < 24.2R2-S4