An Improper Validation of Syntactic Correctness of Input vulnerability in the IPsec library used by kmd and iked of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated, network-based attacker to cause a complete Denial-of-Service (DoS).
If an affected device receives a specifically malformed first ISAKMP packet from the initiator, the kmd/iked process will crash and restart, which momentarily prevents new security associations (SAs) for from being established. Repeated exploitation of this vulnerability causes a complete inability to establish new VPN connections.
This issue affects Junos OS on
SRX Series and MX Series:
* all versions before 22.4R3-S9,
* 23.2 version before 23.2R2-S6,
* 23.4 version before 23.4R2-S7,
* 24.2 versions before 24.2R2-S4,
* 24.4 versions before 24.4R2-S3,
* 25.2 versions before 25.2R1-S2, 25.2R2.
References
| Link | Resource |
|---|---|
| https://kb.juniper.net/JSA107868 | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
17 Apr 2026, 17:23
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:juniper:junos:23.2:r2-s3:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.4:r2-s1:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.4:-:*:*:*:*:*:* cpe:2.3:o:juniper:junos:22.4:r3-s5:*:*:*:*:*:* cpe:2.3:h:juniper:mx2020:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:24.2:r2-s3:*:*:*:*:*:* cpe:2.3:h:juniper:mx301:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:mx304:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:srx380:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.4:r2-s4:*:*:*:*:*:* cpe:2.3:h:juniper:mx10008:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:22.4:r3:*:*:*:*:*:* cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:24.4:r2-s2:*:*:*:*:*:* cpe:2.3:h:juniper:srx1600:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.2:r2-s5:*:*:*:*:*:* cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.4:r1-s2:*:*:*:*:*:* cpe:2.3:h:juniper:mx240:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:srx2300:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:24.2:r2-s1:*:*:*:*:*:* cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:* cpe:2.3:h:juniper:srx340:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.2:r2-s4:*:*:*:*:*:* cpe:2.3:o:juniper:junos:22.4:r3-s4:*:*:*:*:*:* cpe:2.3:h:juniper:srx4600:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:24.2:r1:*:*:*:*:*:* cpe:2.3:o:juniper:junos:22.4:r3-s8:*:*:*:*:*:* cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.4:r2-s3:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.4:r2-s5:*:*:*:*:*:* cpe:2.3:o:juniper:junos:22.4:r2-s1:*:*:*:*:*:* cpe:2.3:o:juniper:junos:22.4:r3-s7:*:*:*:*:*:* cpe:2.3:o:juniper:junos:25.2:r2:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.4:r1-s1:*:*:*:*:*:* cpe:2.3:o:juniper:junos:24.2:r1-s2:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.2:r1:*:*:*:*:*:* cpe:2.3:h:juniper:srx320:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:24.4:r2:*:*:*:*:*:* cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:24.2:-:*:*:*:*:*:* cpe:2.3:o:juniper:junos:24.4:-:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.2:-:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.2:r1-s1:*:*:*:*:*:* cpe:2.3:o:juniper:junos:22.4:r3-s2:*:*:*:*:*:* cpe:2.3:o:juniper:junos:22.4:r2-s2:*:*:*:*:*:* cpe:2.3:o:juniper:junos:24.2:r2:*:*:*:*:*:* cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:* cpe:2.3:o:juniper:junos:24.4:r1:*:*:*:*:*:* cpe:2.3:o:juniper:junos:24.4:r1-s2:*:*:*:*:*:* cpe:2.3:h:juniper:mx10004:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:22.4:r3-s1:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.2:r2:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.4:r2:*:*:*:*:*:* cpe:2.3:o:juniper:junos:25.2:-:*:*:*:*:*:* cpe:2.3:h:juniper:mx204:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.4:r2-s2:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.2:r2-s2:*:*:*:*:*:* cpe:2.3:o:juniper:junos:24.4:r1-s3:*:*:*:*:*:* cpe:2.3:o:juniper:junos:22.4:-:*:*:*:*:*:* cpe:2.3:o:juniper:junos:22.4:r3-s3:*:*:*:*:*:* cpe:2.3:o:juniper:junos:24.4:r2-s1:*:*:*:*:*:* cpe:2.3:o:juniper:junos:24.2:r2-s2:*:*:*:*:*:* cpe:2.3:h:juniper:srx4300:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.2:r2-s1:*:*:*:*:*:* cpe:2.3:o:juniper:junos:22.4:r3-s6:*:*:*:*:*:* cpe:2.3:o:juniper:junos:22.4:r2:*:*:*:*:*:* cpe:2.3:h:juniper:mx2010:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:mx2008:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:mx960:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.4:r1:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.2:r1-s2:*:*:*:*:*:* cpe:2.3:h:juniper:srx345:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:srx4700:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:srx4120:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:mx480:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:* cpe:2.3:o:juniper:junos:25.2:r1:*:*:*:*:*:* cpe:2.3:o:juniper:junos:24.2:r1-s1:*:*:*:*:*:* cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.4:r2-s6:*:*:*:*:*:* cpe:2.3:o:juniper:junos:25.2:r1-s1:*:*:*:*:*:* |
|
| References | () https://kb.juniper.net/JSA107868 - Vendor Advisory | |
| First Time |
Juniper srx5600
Juniper mx10004 Juniper mx304 Juniper srx1500 Juniper Juniper mx240 Juniper mx10008 Juniper mx480 Juniper srx320 Juniper srx1600 Juniper srx5400 Juniper junos Juniper srx2300 Juniper srx380 Juniper srx4120 Juniper mx2020 Juniper srx5800 Juniper srx300 Juniper srx4300 Juniper srx345 Juniper mx301 Juniper srx4200 Juniper srx340 Juniper mx2008 Juniper mx960 Juniper mx2010 Juniper srx4100 Juniper srx4700 Juniper srx4600 Juniper mx204 |
09 Apr 2026, 22:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-04-09 22:16
Updated : 2026-04-17 17:23
NVD link : CVE-2026-33778
Mitre link : CVE-2026-33778
CVE.ORG link : CVE-2026-33778
JSON object : View
Products Affected
juniper
- srx380
- mx2008
- mx10008
- mx304
- srx340
- srx4100
- mx2020
- srx5800
- junos
- srx4300
- mx960
- srx300
- mx480
- mx204
- srx320
- srx4700
- mx2010
- srx345
- srx4200
- mx10004
- srx4120
- srx2300
- srx5400
- mx240
- srx1600
- srx4600
- srx1500
- mx301
- srx5600
CWE
CWE-1286
Improper Validation of Syntactic Correctness of Input