Memory Leak Vulnerability in Junos OS on Juniper Networks EX Series Devices
CVE-2026-57027
7.1HIGH
What is CVE-2026-57027?
A vulnerability in the packet forwarding engine of Juniper Networks Junos OS allows an unauthenticated adjacent attacker to exploit memory leaks during multicast traffic handling in Virtual Chassis scenarios. Specifically, when sFlow is configured, multicast traffic received on one member of an EX4100 or EX4400 series device can cause a memory leak when sent out another member, ultimately leading to a Denial-of-Service condition due to the crashing and restarting of the forwarding plane card (FPC). Continuous monitoring of buffer values can indicate the presence of this memory leak.
Affected Version(s)
Junos OS EX4100 Series 0 < 23.2R2-S7
Junos OS EX4100 Series 23.4 < 23.4R2-S7
Junos OS EX4100 Series 24.2 < 24.2R2-S4