CVE-2026-21917

{"id": "CVE-2026-21917", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "sirt@juniper.net", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "sirt@juniper.net", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "AUTOMATIC", "baseScore": 8.7, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-15T21:16:07.877", "references": [{"url": "https://kb.juniper.net/JSA105996", "tags": ["Vendor Advisory"], "source": "sirt@juniper.net"}, {"url": "https://supportportal.juniper.net/JSA105996", "tags": ["Vendor Advisory"], "source": "sirt@juniper.net"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "sirt@juniper.net", "description": [{"lang": "en", "value": "CWE-1286"}]}], "descriptions": [{"lang": "en", "value": "An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nIf an SRX device configured for UTM Web-Filtering receives a specifically malformed SSL packet, this will cause an FPC crash and restart.\nThis issue affects Junos OS on SRX Series:\n\n\n\n * 23.2 versions from 23.2R2-S2 before 23.2R2-S5,\u00a0\n * 23.4 versions from 23.4R2-S1 before 23.4R2-S5,\n * 24.2 versions before 24.2R2-S2,\n * 24.4 versions before 24.4R1-S3, 24.4R2.\n\n\nEarlier versions of Junos are also affected, but no fix is available."}], "lastModified": "2026-01-23T19:41:44.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:23.2:r2-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3B6C811-5C10-4486-849D-5559B592350A"}, {"criteria": "cpe:2.3:o:juniper:junos:23.2:r2-s3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "078D61B9-A228-453C-9D20-6F9C6B20637F"}, {"criteria": "cpe:2.3:o:juniper:junos:23.2:r2-s4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1F136A0-021D-43FE-BDD3-AD7201F7FC03"}, {"criteria": "cpe:2.3:o:juniper:junos:23.4:r2-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "166BFDB3-1945-4949-BC2B-E18442FF2E4D"}, {"criteria": "cpe:2.3:o:juniper:junos:23.4:r2-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5923610F-878C-48CA-8B5D-9C609E4DD4DB"}, {"criteria": "cpe:2.3:o:juniper:junos:23.4:r2-s3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7C207E3-0252-4192-8E8C-E2ED2831B4F4"}, {"criteria": "cpe:2.3:o:juniper:junos:23.4:r2-s4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6974492-FE69-4340-8881-61C3329C1545"}, {"criteria": "cpe:2.3:o:juniper:junos:24.2:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89524D6D-0B22-4952-AD8E-8072C5A05D5C"}, {"criteria": "cpe:2.3:o:juniper:junos:24.2:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD69A194-1B03-44EA-8092-79BD10C6F729"}, {"criteria": "cpe:2.3:o:juniper:junos:24.2:r1-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8463ADB4-B8A7-4D63-97A9-232ED713A21C"}, {"criteria": "cpe:2.3:o:juniper:junos:24.2:r1-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE68337F-106E-4317-A5B6-292B0159F577"}, {"criteria": "cpe:2.3:o:juniper:junos:24.2:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "266B520A-482A-43F7-90F8-B9D64D30034F"}, {"criteria": "cpe:2.3:o:juniper:junos:24.2:r2-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC78BC9E-5DA7-4E42-9923-B49A0B7F3564"}, {"criteria": "cpe:2.3:o:juniper:junos:24.4:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C452BDCB-34E3-42D3-8909-2312356EB70A"}, {"criteria": "cpe:2.3:o:juniper:junos:24.4:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B8158F2-2028-40E9-955F-CFD581A32F60"}, {"criteria": "cpe:2.3:o:juniper:junos:24.4:r1-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A7233A1-EC7A-4458-9AE1-835480A03A21"}, {"criteria": "cpe:2.3:o:juniper:junos:24.4:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0EEF1798-F3C2-4645-96E7-1E82368B184D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2CEBF85C-736A-4E7D-956A-3E8210D4F70B"}, {"criteria": "cpe:2.3:h:juniper:srx1600:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4AE06B18-BFB5-4029-A05D-386CFBFBF683"}, {"criteria": "cpe:2.3:h:juniper:srx2300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "48A1DCCD-208C-46D9-8E14-89592B49AB9A"}, {"criteria": "cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BB5AB24B-2B43-43DD-AE10-F758B4B19F2A"}, {"criteria": "cpe:2.3:h:juniper:srx320:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "80F9DC32-5ADF-4430-B1A6-357D0B29DB78"}, {"criteria": "cpe:2.3:h:juniper:srx340:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8B82D4C4-7A65-409A-926F-33C054DCBFBA"}, {"criteria": "cpe:2.3:h:juniper:srx345:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CE535749-F4CE-4FFA-B23D-BF09C92481E5"}, {"criteria": "cpe:2.3:h:juniper:srx380:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2305DA9D-E6BA-48F4-80CF-9E2DE7661B2F"}, {"criteria": "cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3AA8999C-8AE4-416F-BA2A-B1A21F33B4D7"}, {"criteria": "cpe:2.3:h:juniper:srx4120:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E5942B6E-AFC7-40E4-8007-68C804BD52E3"}, {"criteria": "cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CCC5F6F5-4347-49D3-909A-27A3A96D36C9"}, {"criteria": "cpe:2.3:h:juniper:srx4300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "826F893F-7B06-43B5-8653-A8D9794C052E"}, {"criteria": "cpe:2.3:h:juniper:srx4600:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "56BA6B86-D3F4-4496-AE46-AC513C6560FA"}, {"criteria": "cpe:2.3:h:juniper:srx4700:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "462CFD52-D3E2-4F7A-98AC-C589D2420556"}, {"criteria": "cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2FDDC897-747F-44DD-9599-7266F9B5B7B1"}, {"criteria": "cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "68CA098D-CBE4-4E62-9EC0-43E1B6098710"}, {"criteria": "cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "66F474D4-79B6-4525-983C-9A9011BD958B"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "sirt@juniper.net"}