CVE-2026-21920 HIGH

CVE-2026-21920: Junos OS: SRX Series: If a specific request is processed by the DNS subsystem flowd will crash

Vendor Juniper Networks

Product Junos OS

Weakness CWE-252

Published January 15, 2026

Last update January 15, 2026

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

An Unchecked Return Value vulnerability in the DNS module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX Series device configured for DNS processing, receives a specifically formatted DNS request flowd will crash and restart, which causes a service interruption until the process has recovered. This issue affects Junos OS on SRX Series: * 23.4 versions before 23.4R2-S5, * 24.2 versions before 24.2R2-S1, * 24.4 versions before 24.4R2. This issue does not affect Junos OS versions before 23.4R1.

Key dates

02Disclosure timeline

January 15, 2026 CVE published

January 15, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-21920 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/252.html

Related vulnerabilities

Identifiers

CVE CVE-2026-21920

CWE CWE-252

CVSS 7.5 / HIGH

Affected versions

Vendor Juniper Networks

Product Junos OS

Affected ≥ 23.4 and < 23.4R2-S5

Vendor Juniper Networks

Product Junos OS

Affected ≥ 24.2 and < 24.2R2-S1

Vendor Juniper Networks

Product Junos OS

Affected ≥ 24.4 and < 24.4R2

CVE-2026-21920: Junos OS: SRX Series: If a specific request is processed by the DNS subsystem flowd will crash

01Description

02Disclosure timeline

03References

04Related CVE