PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-57030 Juniper Networks CVE debrief

A high-severity vulnerability, CVE-2026-57030, was found in Juniper Networks Junos OS on SRX Series devices. This vulnerability, caused by a race condition in the packet forwarding engine, allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). The vulnerability occurs during the removal of flows, where a timeout is set to a very high value, leading to an accumulation of flows. This can cause the system to stop forwarding or result in a flowd core and automatic reboot. Organizations should be aware of this vulnerability and take immediate action to mitigate the risk.

Vendor
Juniper Networks
Product
Junos OS
CVSS
HIGH 8.2
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-09
Original CVE updated
2026-07-10
Advisory published
2026-07-09
Advisory updated
2026-07-10

Who should care

Organizations using Juniper Networks Junos OS on SRX Series devices should be aware of this vulnerability and take immediate action to mitigate the risk. This vulnerability can be exploited by an unauthenticated, network-based attacker, making it a high-severity issue. The vulnerability affects operators managing SRX Series devices, platform administrators, vulnerability management teams, and security teams responsible for incident response.

Technical summary

The vulnerability occurs in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series devices. During the removal of flows, a race condition causes the timeout to be set to a very high value, leading to an accumulation of flows. This can be observed by an ever-increasing value of invalidated sessions in the output of 'show security flow session summary'. These sessions cannot be cleared manually with the 'clear security flow session' command, which can lead to forwarding stopping or a flowd core and automatic reboot. The vulnerability affects Junos OS on SRX Series devices with versions 24.2 before 24.2R2-S3, 24.4 before 24.4R2-S1 and 24.4R2-S2, and 25.2 before 25.2R1-S2 and 25.2R2.

Defensive priority

High

Recommended defensive actions

  • Apply the necessary patches to Junos OS on SRX Series devices
  • Monitor system logs for signs of exploitation
  • Implement compensating controls to detect and prevent similar attacks
  • Review and update incident response plans to address potential DoS attacks
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-07-09T22:17:08.643Z and was last modified on 2026-07-10T16:16:37.710Z. The NVD entry is currently Received. The vulnerability details are based on the information provided in the CVE record and NVD entry. However, the exact conditions for the race condition are outside the attacker's control. To verify the vulnerability, defenders should review the official advisory and CVE record. The NVD entry provides additional information on the vulnerability.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T22:17:08.643Z and has not been modified since then. The NVD entry is currently Received.