PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-57029 Juniper Networks CVE debrief

A Missing Synchronization vulnerability in the flow collector handler of Juniper Networks Junos OS Evolved on QFX Series allows an adjacent, unauthenticated attacker to cause a Denial-of-Service (DoS). When the reachability of an sFlow collector changes, the corresponding next-hop entry is updated. If this update occurs simultaneously with the sFlow thread accessing the next-hop data, it causes the evo-pfemand process to crash, impacting all traffic forwarding until the automatic process restart has completed.

Vendor
Juniper Networks
Product
Junos OS Evolved
CVSS
MEDIUM 6
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-09
Original CVE updated
2026-07-10
Advisory published
2026-07-09
Advisory updated
2026-07-10

Who should care

Users of Juniper Networks Junos OS Evolved on QFX Series, particularly those with exposure to adjacent, unauthenticated networks, should assess and apply necessary updates to mitigate potential Denial-of-Service (DoS) attacks.

Technical summary

The vulnerability exists in the flow collector handler of Juniper Networks Junos OS Evolved on QFX Series. An adjacent, unauthenticated attacker can exploit this Missing Synchronization issue to cause a Denial-of-Service (DoS) by crashing the evo-pfemand process when the reachability of an sFlow collector changes and the sFlow thread accesses the next-hop data simultaneously. This issue affects Junos OS Evolved on QFX Series: all 23.2 versions, 23.4 versions before 23.4R2-S7-EVO, 24.2 versions before 24.2R2-S5-EVO, 24.4 versions before 24.4R2-S3-EVO, 25.2 versions before 25.2R2-EVO.

Defensive priority

Apply updates to affected Junos OS Evolved versions on QFX Series to prevent potential DoS attacks.

Recommended defensive actions

  • Inventory and assess exposure of Juniper Networks Junos OS Evolved on QFX Series
  • Apply updates for affected versions: 23.2, 23.4 before 23.4R2-S7-EVO, 24.2 before 24.2R2-S5-EVO, 24.4 before 24.4R2-S3-EVO, 25.2 before 25.2R2-EVO
  • Monitor network traffic and system logs for signs of exploitation attempts
  • Implement compensating controls such as network segmentation and access controls
  • Review and apply Juniper Networks support portal references for additional guidance
  • Track exceptions and retest remediated assets
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up

Evidence notes

The CVE record was published on 2026-07-09T22:17:08.453Z and was last modified on 2026-07-10T16:16:37.570Z. The NVD entry is currently Received. Evidence is limited to CVE and NVD data. Defenders should verify system configurations, review network traffic and system logs for signs of exploitation attempts, and apply updates for affected versions.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T22:17:08.453Z and has not been modified since then. The NVD entry is currently Received.