Denial-of-Service Vulnerability in Juniper Networks QFX Series
CVE-2026-57029

6MEDIUM

Key Information:

Vendor
CVE Published:
9 July 2026

Badges

👾 Exploit Exists

What is CVE-2026-57029?

A missing synchronization issue in the flow collector handler of Juniper Networks' Junos OS Evolved on QFX Series can expose the system to denial-of-service conditions. An adjacent, unauthenticated attacker could exploit this vulnerability by manipulating the reachability status of an sFlow collector. During this event, if the update of the next-hop entry overlaps with the access of next-hop data by the sFlow thread, it leads to a crash of the evo-pfemand process, interrupting all traffic forwarding. The issue persists until the automatic process restart is complete, creating a potential window for service disruption.

Affected Version(s)

Junos OS Evolved QFX Series 0 < 23.4R2-S7-EVO

Junos OS Evolved QFX Series 24.2 < 24.2R2-S5-EVO

Junos OS Evolved QFX Series 24.4 < 24.4R2-S3-EVO

References

CVSS V4

Score:
6
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.