PatchSiren cyber security CVE debrief
CVE-2026-57021 Juniper Networks CVE debrief
CVE-2026-57021 is an Out-of-bounds Write vulnerability in the http-gatekeeper (http-gk) of Juniper Networks Junos OS on SRX Series. This vulnerability allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX Series device is configured for remote-access VPN with pre-logon compliance check, a network-based attacker sending specifically formatted requests can trigger an out of bounds write leading to an http-gk process crash. The crash leads to unavailability of all services depending on the [ system services web-management ] configuration (like J-Web, remote access VPN and firewall authentication) until the process automatically restarts.
- Vendor
- Juniper Networks
- Product
- Junos OS
- CVSS
- MEDIUM 6.9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-09
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-09
- Advisory updated
- 2026-07-10
Who should care
Users of Juniper Networks Junos OS on SRX Series, especially those with remote-access VPN configured with pre-logon compliance check, should be aware of this vulnerability and take necessary actions to protect their systems.
Technical summary
The vulnerability exists in the http-gatekeeper (http-gk) of Juniper Networks Junos OS on SRX Series. An unauthenticated, network-based attacker can cause a Denial-of-Service (DoS) by sending specifically formatted requests that trigger an out of bounds write, leading to an http-gk process crash. Affected versions include 23.2 before 23.2R2-S7, 23.4 before 23.4R2-S8, 24.2 before 24.2R2-S4, 24.4 before 24.4R2-S4, 25.2 before 25.2R2, and 25.4 before 25.4R1-S1, 25.4R2.
Defensive priority
High
Recommended defensive actions
- Update to the latest version of Junos OS on SRX Series
- Disable remote-access VPN with pre-logon compliance check if not needed
- Monitor system services web-management configuration for potential impact
- Implement compensating controls to detect and prevent similar attacks
- Review relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
The CVE record was published on 2026-07-09T22:17:07.057Z and was last modified on 2026-07-10T15:16:44.233Z. The NVD entry is currently Received. This Out-of-bounds Write vulnerability in the http-gatekeeper (http-gk) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). Evidence is limited to public CVE and NVD information. Defenders should verify system services web-management configuration for potential impact and review compensating controls for exposed systems.
Official resources
-
CVE-2026-57021 CVE record
CVE.org
-
CVE-2026-57021 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T22:17:07.057Z and has not been modified since then. The NVD entry is currently Received.