PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-57021 Juniper Networks CVE debrief

CVE-2026-57021 is an Out-of-bounds Write vulnerability in the http-gatekeeper (http-gk) of Juniper Networks Junos OS on SRX Series. This vulnerability allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX Series device is configured for remote-access VPN with pre-logon compliance check, a network-based attacker sending specifically formatted requests can trigger an out of bounds write leading to an http-gk process crash. The crash leads to unavailability of all services depending on the [ system services web-management ] configuration (like J-Web, remote access VPN and firewall authentication) until the process automatically restarts.

Vendor
Juniper Networks
Product
Junos OS
CVSS
MEDIUM 6.9
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-09
Original CVE updated
2026-07-10
Advisory published
2026-07-09
Advisory updated
2026-07-10

Who should care

Users of Juniper Networks Junos OS on SRX Series, especially those with remote-access VPN configured with pre-logon compliance check, should be aware of this vulnerability and take necessary actions to protect their systems.

Technical summary

The vulnerability exists in the http-gatekeeper (http-gk) of Juniper Networks Junos OS on SRX Series. An unauthenticated, network-based attacker can cause a Denial-of-Service (DoS) by sending specifically formatted requests that trigger an out of bounds write, leading to an http-gk process crash. Affected versions include 23.2 before 23.2R2-S7, 23.4 before 23.4R2-S8, 24.2 before 24.2R2-S4, 24.4 before 24.4R2-S4, 25.2 before 25.2R2, and 25.4 before 25.4R1-S1, 25.4R2.

Defensive priority

High

Recommended defensive actions

  • Update to the latest version of Junos OS on SRX Series
  • Disable remote-access VPN with pre-logon compliance check if not needed
  • Monitor system services web-management configuration for potential impact
  • Implement compensating controls to detect and prevent similar attacks
  • Review relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up

Evidence notes

The CVE record was published on 2026-07-09T22:17:07.057Z and was last modified on 2026-07-10T15:16:44.233Z. The NVD entry is currently Received. This Out-of-bounds Write vulnerability in the http-gatekeeper (http-gk) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). Evidence is limited to public CVE and NVD information. Defenders should verify system services web-management configuration for potential impact and review compensating controls for exposed systems.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T22:17:07.057Z and has not been modified since then. The NVD entry is currently Received.