Race Condition Vulnerability in Junos OS Packet Forwarding Engine on Juniper Networks SRX Series
CVE-2026-57030
What is CVE-2026-57030?
A vulnerability in the packet forwarding engine of Juniper Networks' Junos OS on SRX Series devices can lead to a Denial-of-Service (DoS) attack. This issue arises during the process of flow removal, where a race condition can permit an unauthenticated attacker to set flow timeouts incorrectly. Rather than being set to the intended short duration, timeouts may be assigned durations exceeding 10,000 seconds. This malfunction results in the accumulation of flows that can overwhelm the system. Affected sessions become invalidated and cannot be manually cleared, resulting in potential network interruptions and the need for system reboots for recovery.
Affected Version(s)
Junos OS SRX Series 24.2 < 24.2R2-S3
Junos OS SRX Series 24.4 < 24.4R2-S1
Junos OS SRX Series 25.2 < 25.2R1-S2