Denial-of-Service Vulnerability in Juniper Networks QFX Series
CVE-2026-57029
What is CVE-2026-57029?
A missing synchronization issue in the flow collector handler of Juniper Networks' Junos OS Evolved on QFX Series can expose the system to denial-of-service conditions. An adjacent, unauthenticated attacker could exploit this vulnerability by manipulating the reachability status of an sFlow collector. During this event, if the update of the next-hop entry overlaps with the access of next-hop data by the sFlow thread, it leads to a crash of the evo-pfemand process, interrupting all traffic forwarding. The issue persists until the automatic process restart is complete, creating a potential window for service disruption.
Affected Version(s)
Junos OS Evolved QFX Series 0 < 23.4R2-S7-EVO
Junos OS Evolved QFX Series 24.2 < 24.2R2-S5-EVO
Junos OS Evolved QFX Series 24.4 < 24.4R2-S3-EVO