What is CVE-2026-21914?

A high-severity improper locking vulnerability in Juniper Networks Junos OS affects SRX Series devices, allowing unauthenticated attackers to cause a denial-of-service. Immediate action is required to mitigate risks.

What is the severity of CVE-2026-21914?

CVE-2026-21914 has a severity rating of HIGH with a CVSS base score of 8.7.

CVE-2026-21914 | High Vulnerability in Juniper Junos

An Improper Locking vulnerability in the GTP plugin of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX Series device receives a specifically malformed GPRS Tunnelling Protocol (GTP) Modify Bearer Request message, a lock is acquired and never released. This results in other threads not being able to acquire a lock themselves, causing a watchdog timeout leading to FPC crash and restart. This issue leads to a complete traffic outage until the device has automatically recovered.

Organizations should prioritize patching immediately. The vulnerability has a CVSS score of 8.7, categorizing it as high severity, which indicates significant risk to the availability of affected systems. Attackers may leverage this vulnerability to disrupt network services, leading to operational impacts.

This issue affects Junos OS on SRX Series all versions before 22.4R3-S8, 23.2 versions before 23.2R2-S5, 23.4 versions before 23.4R2-S6, 24.2 versions before 24.2R2-S3, 24.4 versions before 24.4R2-S2, and 25.2 versions before 25.2R1-S1, 25.2R2.

Risk to organizations includes potential outages and disruptions in network traffic that can affect service delivery. The lack of authentication requirements for exploitation makes this a critical threat that organizations must address in their patch management cycle.

Vulnerability Details

The vulnerability is classified as CWE-667. It allows an unauthenticated attacker to manipulate the GTP plugin, leading to a denial-of-service condition. The vulnerability was published on January 15, 2026, and affects Junos OS on SRX Series devices.

Technical Analysis

The root cause of this vulnerability is improper locking within the GTP plugin. It allows attackers to exploit the GPRS Tunneling Protocol by sending specially crafted messages that induce a failure in thread management, ultimately causing a denial of service. The attack vector is network-based, requiring low complexity and no privileges or user interaction.

The availability impact is high, as successful exploitation leads to service outages. Confidentiality and integrity impacts are none, indicating that the vulnerability does not expose sensitive data or allow unauthorized modifications.

Risk & Impact Analysis

Given the high CVSS score of 8.7 and the potential for widespread denial-of-service conditions, organizations face significant operational risks. The vulnerability affects multiple versions of Junos OS, thus having a broad blast radius for those impacted. Organizations should assess their environments for affected versions and prioritize remediation. The urgency for addressing this vulnerability is high, considering that attackers may exploit it without authentication.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

This vulnerability affects Junos OS on SRX Series for all versions prior to 22.4R3-S8, and specific versions within the 23.x, 24.x, and 25.x series as detailed in the official descriptions.

Mitigation & Remediation

Organizations should apply the relevant patches provided by Juniper Networks to mitigate this vulnerability. Specific versions to upgrade to include the latest releases that address this issue. In the absence of immediate patch availability, organizations may consider implementing network controls to limit exposure. Additional recommendations include monitoring for unusual network traffic patterns indicative of exploitation attempts.

Detection Guidance

Monitoring logs for signs of service disruptions and analyzing behavioral anomalies in network traffic can help detect potential exploitation of this vulnerability. Organizations should also maintain up-to-date knowledge of their network configurations and audit access controls.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2026-21914 highlights the need for rigorous testing of network protocols and the importance of timely patch management. This vulnerability exemplifies a trend where improper handling of protocol messages can lead to severe service outages. Security teams should prioritize incident response planning and ensure they are prepared for similar vulnerabilities in the future. For more insights, organizations can refer to our guide on penetration testing methodologies and the latest vulnerability management program designs to enhance their security posture.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2026-21914: High Vulnerability in Juniper Junos