Home

Description

A Stack-based Buffer Overflow vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a network-based attacker, authenticated with low privileges to cause a Denial-of-Service (DoS). Subscribing to telemetry sensors at scale causes all FPC connections to drop, resulting in an FPC crash and restart. The issue was not seen when YANG packages for the specific sensors were installed. This issue affects Junos OS: * all versions before 22.4R3-S7, * 23.2 version before 23.2R2-S4, * 23.4 versions before 23.4R2.

PUBLISHED Reserved 2026-01-05 | Published 2026-01-15 | Updated 2026-01-15 | Assigner juniper




MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

HIGH: 7.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Problem types

CWE-121 Stack-based Buffer Overflow

Product status

Default status
unaffected

Any version before 22.4R3-S7
affected

23.2 (semver) before 23.2R2-S4
affected

23.4 (semver) before 23.4R2
affected

References

supportportal.juniper.net/JSA106022 vendor-advisory

kb.juniper.net/JSA106022 vendor-advisory

cve.org (CVE-2026-21903)

nvd.nist.gov (CVE-2026-21903)

Download JSON