Denial-of-Service Vulnerability in Junos OS on Juniper Networks EX Series Devices
CVE-2026-57032

7.1HIGH

Key Information:

Status
Vendor
CVE Published:
9 July 2026

Badges

👾 Exploit Exists

What is CVE-2026-57032?

An improper handling of undefined parameters vulnerability exists in Juniper Networks Junos OS affecting EX Series devices. This allows an authenticated attacker with minimal privileges to trigger a Denial-of-Service (DoS) condition. Specifically, when attempting to subscribe to an unsupported telemetry sensor path via gRPC on affected models such as EX2300, EX3400, EX4000, EX4100, and EX4400, the forwarding plane controller (FPC) crashes. This results in a complete service interruption that persists until the affected module restarts automatically. The event is logged with a specific message indicating the lack of resource name for the requested sensor.

Affected Version(s)

Junos OS EX3400 0 < 23.2R2-S7

Junos OS EX3400 23.4 < 23.4R2-S8

Junos OS EX3400 24.2 < 24.2R2-S5

References

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.