Description
An Improper Validation of Syntactic Correctness of Input vulnerability in the IPsec library used by kmd and iked of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated, network-based attacker to cause a complete Denial-of-Service (DoS).

If an affected device receives a specifically malformed first ISAKMP packet from the initiator, the kmd/iked process will crash and restart, which momentarily prevents new security associations (SAs) for from being established. Repeated exploitation of this vulnerability causes a complete inability to establish new VPN connections.

This issue affects Junos OS on

SRX Series and MX Series:



* all versions before 22.4R3-S9,
* 23.2 version before 23.2R2-S6,
* 23.4 version before 23.4R2-S7,
* 24.2 versions before 24.2R2-S4,
* 24.4 versions before 24.4R2-S3,
* 25.2 versions before 25.2R1-S2, 25.2R2.
Published: 2026-04-09
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial-of-Service via IKE packet crash
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is an improper validation of syntactically correct input in the IPsec library used by Juniper’s kmd and iked processes. When a malformed first ISAKMP packet is received from an initiator, the kmd/iked service crashes and restarts. This crash temporarily blocks the establishment of new security associations, and repeated exploitation can lead to a complete inability to form new VPN connections, effectively causing a denial of service. The flaw permits an unauthenticated, network‑based attacker to trigger the reset without needing any privileged access.

Affected Systems

Juniper Networks Junos OS on SRX Series and MX Series devices are affected. Any release prior to 22.4R3‑S9, 23.2R2‑S6, 23.4R2‑S7, 24.2R2‑S4, 24.4R2‑S3, or 25.2R1‑S2/25.2R2 is vulnerable. All subsequent releases contain the correction and are immune.

Risk and Exploitability

The CVSS base score of 8.7 indicates high severity, though EPSS data is unavailable and the vulnerability is not listed in CISA’s KEV catalog. The attack vector is network‑based and does not require authentication, so any host within the device’s reach could send a crafted IKE packet to trigger a crash. Because the flaw causes a DoS condition, the risk to service availability is significant, especially for organizations relying on SRX or MX series VPN connectivity.

Generated by OpenCVE AI on April 9, 2026 at 23:25 UTC.

Remediation

Vendor Solution

The following software releases have been updated to resolve this specific issue: 22.4R3-S9, 23.2R2-S6, 23.4R2-S7, 24.2R2-S4, 24.4R2-S3, 25.2R1-S2, 25.2R2, 25.4R1, and all subsequent releases.

Vendor Workaround

There are no known workarounds for this issue.

OpenCVE Recommended Actions

  • Apply the Juniper Junos OS update that includes the fix, such as 22.4R3‑S9, 23.2R2‑S6, 23.4R2‑S7, 24.2R2‑S4, 24.4R2‑S3, or 25.2R1‑S2/25.2R2 and later releases.
  • If patching cannot be performed immediately, monitor VPN connections for repeated IKE session failures and consider isolating the affected device to prevent prolonged VPN disruption.

Generated by OpenCVE AI on April 9, 2026 at 23:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://kb.juniper.net/JSA107868 cve-icon cve-icon
History

Fri, 17 Apr 2026 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Juniper
Juniper junos
Juniper mx10004
Juniper mx10008
Juniper mx2008
Juniper mx2010
Juniper mx2020
Juniper mx204
Juniper mx240
Juniper mx301
Juniper mx304
Juniper mx480
Juniper mx960
Juniper srx1500
Juniper srx1600
Juniper srx2300
Juniper srx300
Juniper srx320
Juniper srx340
Juniper srx345
Juniper srx380
Juniper srx4100
Juniper srx4120
Juniper srx4200
Juniper srx4300
Juniper srx4600
Juniper srx4700
Juniper srx5400
Juniper srx5600
Juniper srx5800
CPEs cpe:2.3:h:juniper:mx10004:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx10008:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx2008:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx2010:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx2020:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx204:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx240:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx301:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx304:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx480:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx960:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx1600:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx2300:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx320:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx340:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx345:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx380:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx4120:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx4300:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx4600:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx4700:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:r2-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:r2-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:r2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:r3-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:r3-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:r3-s3:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:r3-s4:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:r3-s5:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:r3-s6:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:r3-s7:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:r3-s8:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:r3:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.2:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.2:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.2:r1-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.2:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.2:r2-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.2:r2-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.2:r2-s3:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.2:r2-s4:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.2:r2-s5:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.2:r2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.4:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.4:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.4:r1-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.4:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.4:r2-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.4:r2-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.4:r2-s3:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.4:r2-s4:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.4:r2-s5:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.4:r2-s6:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.4:r2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:24.2:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:24.2:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:24.2:r1-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:24.2:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:24.2:r2-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:24.2:r2-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:24.2:r2-s3:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:24.2:r2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:24.4:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:24.4:r1-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:24.4:r1-s3:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:24.4:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:24.4:r2-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:24.4:r2-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:24.4:r2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:25.2:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:25.2:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:25.2:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:25.2:r2:*:*:*:*:*:*
Vendors & Products Juniper
Juniper junos
Juniper mx10004
Juniper mx10008
Juniper mx2008
Juniper mx2010
Juniper mx2020
Juniper mx204
Juniper mx240
Juniper mx301
Juniper mx304
Juniper mx480
Juniper mx960
Juniper srx1500
Juniper srx1600
Juniper srx2300
Juniper srx300
Juniper srx320
Juniper srx340
Juniper srx345
Juniper srx380
Juniper srx4100
Juniper srx4120
Juniper srx4200
Juniper srx4300
Juniper srx4600
Juniper srx4700
Juniper srx5400
Juniper srx5600
Juniper srx5800

Fri, 10 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 10 Apr 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Juniper Networks
Juniper Networks junos Os
Vendors & Products Juniper Networks
Juniper Networks junos Os

Thu, 09 Apr 2026 22:00:00 +0000

Type Values Removed Values Added
Description An Improper Validation of Syntactic Correctness of Input vulnerability in the IPsec library used by kmd and iked of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated, network-based attacker to cause a complete Denial-of-Service (DoS). If an affected device receives a specifically malformed first ISAKMP packet from the initiator, the kmd/iked process will crash and restart, which momentarily prevents new security associations (SAs) for from being established. Repeated exploitation of this vulnerability causes a complete inability to establish new VPN connections. This issue affects Junos OS on SRX Series and MX Series: * all versions before 22.4R3-S9, * 23.2 version before 23.2R2-S6, * 23.4 version before 23.4R2-S7, * 24.2 versions before 24.2R2-S4, * 24.4 versions before 24.4R2-S3, * 25.2 versions before 25.2R1-S2, 25.2R2.
Title Junos OS: SRX Series, MX Series: When a specifically malformed first ISAKMP packet is received kmd/iked crashes
Weaknesses CWE-1286
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/RE:M'}
cve-icon MITRE

Status: PUBLISHED

Assigner: juniper

Published:

Updated: 2026-04-10T14:11:42.844Z

Reserved: 2026-03-23T19:46:13.669Z

Link: CVE-2026-33778

cve-icon Vulnrichment

Updated: 2026-04-10T14:10:59.833Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-09T22:16:26.500

Modified: 2026-04-17T17:23:59.233

Link: CVE-2026-33778

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-10T09:27:53Z

Weaknesses