Denial-of-Service Vulnerability in Junos OS on Juniper Networks EX Series Devices
CVE-2026-57032
What is CVE-2026-57032?
An improper handling of undefined parameters vulnerability exists in Juniper Networks Junos OS affecting EX Series devices. This allows an authenticated attacker with minimal privileges to trigger a Denial-of-Service (DoS) condition. Specifically, when attempting to subscribe to an unsupported telemetry sensor path via gRPC on affected models such as EX2300, EX3400, EX4000, EX4100, and EX4400, the forwarding plane controller (FPC) crashes. This results in a complete service interruption that persists until the affected module restarts automatically. The event is logged with a specific message indicating the lack of resource name for the requested sensor.
Affected Version(s)
Junos OS EX3400 0 < 23.2R2-S7
Junos OS EX3400 23.4 < 23.4R2-S8
Junos OS EX3400 24.2 < 24.2R2-S5