Description
An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker sending a specific, malformed ICMPv6 packet to cause the srxpfe process to crash and restart. Continued receipt and processing of these packets will repeatedly crash the srxpfe process and sustain the Denial of Service (DoS) condition.

During NAT64 translation, receipt of a specific, malformed ICMPv6 packet destined to the device will cause the srxpfe process to crash and restart.

This issue cannot be triggered using IPv4 nor other IPv6 traffic.



This issue affects Junos OS on SRX Series:
* all versions before 21.2R3-S10,
* all versions of 21.3,
* from 21.4 before 21.4R3-S12,
* all versions of 22.1,
* from 22.2 before 22.2R3-S8,
* all versions of 22.4,
* from 22.4 before 22.4R3-S9,
* from 23.2 before 23.2R2-S6,
* from 23.4 before 23.4R2-S7,
* from 24.2 before 24.2R2-S3,
* from 24.4 before 24.4R2-S3,
* from 25.2 before 25.2R1-S2, 25.2R2.
Published: 2026-04-09
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

An improperly evaluated condition in Juniper's flow daemon during NAT64 translation allows an attacker to send a specifically crafted malformed ICMPv6 packet that causes the srxpfe process to crash. The crash forces the process to restart repeatedly, resulting in a persistent denial‑of‑service that interrupts traffic handling. This weakness is a failure to perform a required check against unusual or exceptional conditions and is classified as CWE‑754.

Affected Systems

Juniper Network's Junos OS on SRX Series devices are affected. All releases before the patched versions are vulnerable, including every release prior to 21.2R3‑S10, all 21.3 releases, pre‑21.4R3‑S12 releases of 21.4, all 22.1 releases, pre‑22.2R3‑S8 releases of 22.2, all 22.4 releases, pre‑22.4R3‑S9 releases of 22.4, pre‑23.2R2‑S6 releases of 23.2, pre‑23.4R2‑S7 releases of 23.4, pre‑24.2R2‑S3 releases of 24.2, pre‑24.4R2‑S3 releases of 24.4, and versions of 25.2 before 25.2R1‑S2 and 25.2R2.

Risk and Exploitability

The vulnerability has a CVSS score of 8.7, indicating high severity. No EPSS score is provided, but the requirement for NAT64 configuration limits the attack surface. An adversary would need to craft a precise malformed ICMPv6 packet and target a device configured for NAT64; typical IPv4 or other IPv6 traffic does not trigger the crash. The attack results in repeated process restarts and a sustained denial of service until patched or removed from NAT64 mode. The CISA KEV list does not include this issue.

Generated by OpenCVE AI on April 9, 2026 at 23:51 UTC.

Remediation

Vendor Solution

The following software releases have been updated to resolve this specific issue: Junos OS: 21.2R3-S10, 21.4R3-S12, 22.4R3-S9, 23.2R2-S6, 23.4R2-S7, 24.2R2-S3, 24.4R2-S3, 25.2R1-S2, 25.2R2, 25.4R1, and all subsequent releases.

Vendor Workaround

There are no known workarounds for this issue.

OpenCVE Recommended Actions

  • Apply the Juniper patch to update Junos OS to at least 21.2R3‑S10 or one of the subsequent releases listed in the vendor advisory.

Generated by OpenCVE AI on April 9, 2026 at 23:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://kb.juniper.net/JSA107874 cve-icon cve-icon
History

Fri, 10 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 10 Apr 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Juniper Networks
Juniper Networks junos Os
Vendors & Products Juniper Networks
Juniper Networks junos Os

Thu, 09 Apr 2026 22:00:00 +0000

Type Values Removed Values Added
Description An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker sending a specific, malformed ICMPv6 packet to cause the srxpfe process to crash and restart. Continued receipt and processing of these packets will repeatedly crash the srxpfe process and sustain the Denial of Service (DoS) condition. During NAT64 translation, receipt of a specific, malformed ICMPv6 packet destined to the device will cause the srxpfe process to crash and restart. This issue cannot be triggered using IPv4 nor other IPv6 traffic. This issue affects Junos OS on SRX Series: * all versions before 21.2R3-S10, * all versions of 21.3, * from 21.4 before 21.4R3-S12, * all versions of 22.1, * from 22.2 before 22.2R3-S8, * all versions of 22.4, * from 22.4 before 22.4R3-S9, * from 23.2 before 23.2R2-S6, * from 23.4 before 23.4R2-S7, * from 24.2 before 24.2R2-S3, * from 24.4 before 24.4R2-S3, * from 25.2 before 25.2R1-S2, 25.2R2.
Title Junos OS: SRX Series: In a NAT64 configuration, receipt of a specific, malformed ICMPv6 packet will cause the srxpfe process to crash and restart.
Weaknesses CWE-754
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/V:C/RE:M/U:Amber'}

Subscriptions

Juniper Networks Junos Os
cve-icon MITRE

Status: PUBLISHED

Assigner: juniper

Published:

Updated: 2026-04-10T13:56:16.375Z

Reserved: 2026-03-23T19:46:13.672Z

Link: CVE-2026-33790

cve-icon Vulnrichment

Updated: 2026-04-10T13:56:13.079Z

cve-icon NVD

Status : Received

Published: 2026-04-09T22:16:28.803

Modified: 2026-04-09T22:16:28.803

Link: CVE-2026-33790

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-10T09:27:47Z

Weaknesses