PatchSiren cyber security CVE debrief
CVE-2026-57030 Juniper Networks CVE debrief
A high-severity vulnerability, CVE-2026-57030, was found in Juniper Networks Junos OS on SRX Series devices. This vulnerability, caused by a race condition in the packet forwarding engine, allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). The vulnerability occurs during the removal of flows, where a timeout is set to a very high value, leading to an accumulation of flows. This can cause the system to stop forwarding or result in a flowd core and automatic reboot. Organizations should be aware of this vulnerability and take immediate action to mitigate the risk.
- Vendor
- Juniper Networks
- Product
- Junos OS
- CVSS
- HIGH 8.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-09
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-09
- Advisory updated
- 2026-07-10
Who should care
Organizations using Juniper Networks Junos OS on SRX Series devices should be aware of this vulnerability and take immediate action to mitigate the risk. This vulnerability can be exploited by an unauthenticated, network-based attacker, making it a high-severity issue. The vulnerability affects operators managing SRX Series devices, platform administrators, vulnerability management teams, and security teams responsible for incident response.
Technical summary
The vulnerability occurs in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series devices. During the removal of flows, a race condition causes the timeout to be set to a very high value, leading to an accumulation of flows. This can be observed by an ever-increasing value of invalidated sessions in the output of 'show security flow session summary'. These sessions cannot be cleared manually with the 'clear security flow session' command, which can lead to forwarding stopping or a flowd core and automatic reboot. The vulnerability affects Junos OS on SRX Series devices with versions 24.2 before 24.2R2-S3, 24.4 before 24.4R2-S1 and 24.4R2-S2, and 25.2 before 25.2R1-S2 and 25.2R2.
Defensive priority
High
Recommended defensive actions
- Apply the necessary patches to Junos OS on SRX Series devices
- Monitor system logs for signs of exploitation
- Implement compensating controls to detect and prevent similar attacks
- Review and update incident response plans to address potential DoS attacks
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-07-09T22:17:08.643Z and was last modified on 2026-07-10T16:16:37.710Z. The NVD entry is currently Received. The vulnerability details are based on the information provided in the CVE record and NVD entry. However, the exact conditions for the race condition are outside the attacker's control. To verify the vulnerability, defenders should review the official advisory and CVE record. The NVD entry provides additional information on the vulnerability.
Official resources
-
CVE-2026-57030 CVE record
CVE.org
-
CVE-2026-57030 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T22:17:08.643Z and has not been modified since then. The NVD entry is currently Received.