A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). During TCP session establishment, a specific sequence of packets can trigger a double free, leading to a crash of flowd and a restart of the respective FPC.
This vulnerability is present in all versions of Junos OS on SRX and MX Series prior to the following versions: 22.4R3-S7, 23.2R2-S3, 23.4R2-S4, and 24.2R2. Given the nature of this vulnerability and its impact, organizations must prioritize patching to mitigate potential exploit scenarios.
With a CVSS score of 8.7, this vulnerability is classified as high severity. Organizations utilizing affected versions should take immediate action to remediate this vulnerability in order to prevent potential Denial-of-Service attacks.
Risk to organizations includes service disruption due to denial-of-service conditions that could be exploited by malicious actors. Organizations should prioritize patching immediately.
Vulnerability Details
The vulnerability identified as CVE-2026-21918 occurs within the flow processing daemon (flowd) of Juniper Networks' Junos OS, specifically affecting the SRX and MX Series devices. The issue arises from improper handling of memory during TCP session establishment when a specific sequence of packets is received, leading to a double free condition.
This vulnerability has a CVSS score of 8.7, indicating high severity due to its potential impact on availability, which is rated as high while confidentiality and integrity impacts are rated as none. The affected products are all versions of Junos OS prior to the specified versions.
Published on January 15, 2026, the vulnerability has been classified under CWE-415, representing double free issues. Organizations utilizing the affected devices must prioritize remediation efforts to safeguard their networks.
Technical Analysis
The root cause of this vulnerability is a double free condition that occurs when the flow processing daemon attempts to deallocate memory that has already been freed. This can happen during the establishment of TCP sessions when an attacker sends a specific sequence of packets.
The attack vector for this vulnerability is network-based, as it can be exploited remotely without the need for any privileges or user interaction. The complexity of the attack is considered low, making it accessible to potential attackers.
The vulnerability impacts availability significantly, with a high potential for disruption to services, as the flowd process crashing leads to service interruptions. Confidentiality and integrity impacts are assessed as none.
Risk & Impact Analysis
Organizations utilizing affected versions of Junos OS on SRX and MX Series are at risk of service disruptions due to potential denial-of-service attacks. The potential for such an attack to be executed without any prior authentication poses a significant threat, especially for critical network infrastructures.
With the CVSS score indicating a high severity level, organizations must assess their exposure to this vulnerability and take urgent action. The blast radius for this vulnerability is considerable, affecting all deployed instances of Junos OS within the specified version ranges.
Organizations should address in priority patch cycle, ensuring that all affected devices are updated to versions that mitigate the vulnerability.
Exploitation Status
Signal | Status |
|---|---|
Known Exploit | No |
Public PoC | No |
Actively Exploited | No |
Ransomware Use | No |
Affected Versions
The following versions of Junos OS are affected by this vulnerability: all versions before 22.4R3-S7, 23.2 versions before 23.2R2-S3, 23.4 versions before 23.4R2-S4, and 24.2 versions before 24.2R2.
Mitigation & Remediation
To mitigate this vulnerability, organizations should ensure that they upgrade to the latest patch versions of Junos OS. The necessary patched versions are: 22.4R3-S7, 23.2R2-S3, 23.4R2-S4, and 24.2R2.
If immediate patching is not possible, organizations should implement network controls to limit access to affected devices, monitor logs for unusual activity, and prepare to respond quickly to any indications of exploitation attempts.
For further assistance, organizations may consider engaging in penetration testing to validate the effectiveness of their remediation efforts.
Detection Guidance
Organizations should monitor logs for indications of unexpected crashes of the flowd process and review any network traffic that could relate to TCP session establishment anomalies.
Behavioral anomalies in network traffic patterns should be investigated thoroughly to identify potential exploitation attempts.
AppSecure Threat Intelligence Insight
The significance of CVE-2026-21918 lies in the widespread deployment of affected Junos OS versions across various sectors. Its potential to disrupt services highlights the importance of timely patching and proactive security measures.
This vulnerability underscores the need for organizations to maintain an effective vulnerability management program, ensuring visibility into potential threats and timely remediation.
For further insights on enhancing security, organizations can refer to resources on vulnerability management and penetration testing methodology to strengthen defenses.
Additionally, engaging in cloud security assessments can further help in identifying weaknesses and enhancing overall security posture.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
.webp)