{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33790", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2026-03-23T19:46:13.672Z", "datePublished": "2026-04-09T21:38:08.493Z", "dateUpdated": "2026-04-09T21:38:08.493Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["SRX Series"], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"lessThan": "21.2R3-S10", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "21.4R3-S12", "status": "affected", "version": "21.4", "versionType": "semver"}, {"lessThan": "22.2R3-S8", "status": "affected", "version": "22.2", "versionType": "semver"}, {"lessThan": "22.4R3-S9", "status": "affected", "version": "22.4", "versionType": "semver"}, {"lessThan": "23.2R2-S6", "status": "affected", "version": "23.2", "versionType": "semver"}, {"lessThan": "23.4R2-S7", "status": "affected", "version": "23.4", "versionType": "semver"}, {"lessThan": "24.2R2-S3", "status": "affected", "version": "24.2", "versionType": "semver"}, {"lessThan": "24.4R2-S3", "status": "affected", "version": "24.4", "versionType": "semver"}, {"lessThan": "25.2R1-S2, 25.2R2", "status": "affected", "version": "25.2", "versionType": "semver"}, {"lessThan": "21.3*", "status": "affected", "version": "21.3", "versionType": "semver"}, {"lessThan": "22.1*", "status": "affected", "version": "22.1", "versionType": "semver"}, {"lessThan": "22.3*", "status": "affected", "version": "22.3", "versionType": "semver"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "This issue requires a NAT IPv6 to IPv4 (NAT64) configuration to be present. For example:<br><br><tt>[ security nat source pool 1 address &lt;IPv4 address&gt; ]<br>[ security nat source rule-set 1 from zone &lt;private-zone&gt; ... ]<br>[ security nat source rule-set 1 to zone &lt;public-zone&gt; ... ]<br>[ security nat source rule-set 1 rule 1 match source-address &lt;IPv6 subnet&gt; ]<br>[ security nat source rule-set 1 rule 1 match destination-address 0.0.0.0/0 ]<br>[ security nat source rule-set 1 rule 1 then source-nat pool 1 ]<br><br>[ set security nat static rule-set 1 from zone &lt;pvt-zone&gt; ]<br>[ set security nat static rule-set 1 rule 1 match destination-address &lt;dest IPv6 subnet / 96 &gt; ]<br>[ set security nat static rule-set 1 rule 1 then static-nat inet ]</tt><br><br>"}], "value": "This issue requires a NAT IPv6 to IPv4 (NAT64) configuration to be present. For example:\n\n[ security nat source pool 1 address <IPv4 address> ]\n[ security nat source rule-set 1 from zone <private-zone> ... ]\n[ security nat source rule-set 1 to zone <public-zone> ... ]\n[ security nat source rule-set 1 rule 1 match source-address <IPv6 subnet> ]\n[ security nat source rule-set 1 rule 1 match destination-address 0.0.0.0/0 ]\n[ security nat source rule-set 1 rule 1 then source-nat pool 1 ]\n\n[ set security nat static rule-set 1 from zone <pvt-zone> ]\n[ set security nat static rule-set 1 rule 1 match destination-address <dest IPv6 subnet / 96 > ]\n[ set security nat static rule-set 1 rule 1 then static-nat inet ]"}], "datePublic": "2026-04-08T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker sending a specific, malformed ICMPv6 packet to cause the srxpfe process to crash and restart.&nbsp;Continued receipt and processing of these packets will repeatedly crash the srxpfe process and sustain the Denial of Service (DoS) condition.<br><br>During NAT64 translation, receipt of a specific, malformed ICMPv6 packet destined to the device will cause the srxpfe process to crash and restart.<br><br>This issue cannot be triggered using IPv4 nor other IPv6 traffic.<br>\n\n<br>This issue affects Junos OS on SRX Series:<br><ul><li>all versions before 21.2R3-S10,</li><li>all versions of 21.3,</li><li>from 21.4 before 21.4R3-S12,</li><li>all versions of 22.1,</li><li>from 22.2 before 22.2R3-S8,</li><li>all versions of 22.4,</li><li>from 22.4 before 22.4R3-S9,</li><li>from 23.2 before 23.2R2-S6,</li><li>from 23.4 before 23.4R2-S7,</li><li>from 24.2 before 24.2R2-S3,</li><li>from 24.4 before 24.4R2-S3,</li><li>from 25.2 before 25.2R1-S2, 25.2R2.</li></ul>"}], "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker sending a specific, malformed ICMPv6 packet to cause the srxpfe process to crash and restart.\u00a0Continued receipt and processing of these packets will repeatedly crash the srxpfe process and sustain the Denial of Service (DoS) condition.\n\nDuring NAT64 translation, receipt of a specific, malformed ICMPv6 packet destined to the device will cause the srxpfe process to crash and restart.\n\nThis issue cannot be triggered using IPv4 nor other IPv6 traffic.\n\n\n\nThis issue affects Junos OS on SRX Series:\n * all versions before 21.2R3-S10,\n * all versions of 21.3,\n * from 21.4 before 21.4R3-S12,\n * all versions of 22.1,\n * from 22.2 before 22.2R3-S8,\n * all versions of 22.4,\n * from 22.4 before 22.4R3-S9,\n * from 23.2 before 23.2R2-S6,\n * from 23.4 before 23.4R2-S7,\n * from 24.2 before 24.2R2-S3,\n * from 24.4 before 24.4R2-S3,\n * from 25.2 before 25.2R1-S2, 25.2R2."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "YES", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/V:C/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2026-04-09T21:38:08.493Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://kb.juniper.net/JSA107874"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue:<br><br>Junos OS: 21.2R3-S10, 21.4R3-S12, 22.4R3-S9, 23.2R2-S6, 23.4R2-S7, 24.2R2-S3, 24.4R2-S3, 25.2R1-S2, 25.2R2, 25.4R1, and all subsequent releases."}], "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 21.2R3-S10, 21.4R3-S12, 22.4R3-S9, 23.2R2-S6, 23.4R2-S7, 24.2R2-S3, 24.4R2-S3, 25.2R1-S2, 25.2R2, 25.4R1, and all subsequent releases."}], "source": {"advisory": "JSA107874", "defect": ["1897060"], "discovery": "INTERNAL"}, "title": "Junos OS: SRX Series: In a NAT64 configuration, receipt of a specific, malformed ICMPv6 packet will cause the srxpfe process to crash and restart.", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "There are no known workarounds for this issue."}], "value": "There are no known workarounds for this issue."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker sending a specific, malformed ICMPv6 packet to cause the srxpfe process to crash and restart.\u00a0Continued receipt and processing of these packets will repeatedly crash the srxpfe process and sustain the Denial of Service (DoS) condition.\n\nDuring NAT64 translation, receipt of a specific, malformed ICMPv6 packet destined to the device will cause the srxpfe process to crash and restart.\n\nThis issue cannot be triggered using IPv4 nor other IPv6 traffic.\n\n\n\nThis issue affects Junos OS on SRX Series:\n * all versions before 21.2R3-S10,\n * all versions of 21.3,\n * from 21.4 before 21.4R3-S12,\n * all versions of 22.1,\n * from 22.2 before 22.2R3-S8,\n * all versions of 22.4,\n * from 22.4 before 22.4R3-S9,\n * from 23.2 before 23.2R2-S6,\n * from 23.4 before 23.4R2-S7,\n * from 24.2 before 24.2R2-S3,\n * from 24.4 before 24.4R2-S3,\n * from 25.2 before 25.2R1-S2, 25.2R2."}], "id": "CVE-2026-33790", "lastModified": "2026-04-09T22:16:28.803", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "sirt@juniper.net", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:C/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2026-04-09T22:16:28.803", "references": [{"source": "sirt@juniper.net", "url": "https://kb.juniper.net/JSA107874"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "sirt@juniper.net", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["srx_series"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,21.2R3-S10)"}}, {"platform": ["srx_series"], "status": "affected", "versions": {"scheme": "generic", "value": "[21.4,21.4R3-S12)"}}, {"platform": ["srx_series"], "status": "affected", "versions": {"scheme": "generic", "value": "[22.2,22.2R3-S8)"}}, {"platform": ["srx_series"], "status": "affected", "versions": {"scheme": "generic", "value": "[22.4,22.4R3-S9)"}}, {"platform": ["srx_series"], "status": "affected", "versions": {"scheme": "generic", "value": "[23.2,23.2R2-S6)"}}, {"platform": ["srx_series"], "status": "affected", "versions": {"scheme": "generic", "value": "[23.4,23.4R2-S7)"}}, {"platform": ["srx_series"], "status": "affected", "versions": {"scheme": "generic", "value": "[24.2,24.2R2-S3)"}}, {"platform": ["srx_series"], "status": "affected", "versions": {"scheme": "generic", "value": "[24.4,24.4R2-S3)"}}, {"platform": ["srx_series"], "status": "affected", "versions": {"scheme": "generic", "value": "[25.2,25.2R1-S2)"}}, {"platform": ["srx_series"], "status": "affected", "versions": {"scheme": "generic", "value": "[25.2,25.2R2)"}}, {"platform": ["srx_series"], "status": "affected", "versions": {"scheme": "generic", "value": "[21.3,*]"}}, {"platform": ["srx_series"], "status": "affected", "versions": {"scheme": "generic", "value": "[22.1,*]"}}, {"platform": ["srx_series"], "status": "affected", "versions": {"scheme": "generic", "value": "[22.3,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Junos OS", "source": "cna", "vendor": "Juniper Networks"}, "product": "junos_os", "vendor": "juniper_networks"}], "analysis": {"en": {"generated_at": "2026-04-09T23:51:58.368642+00:00", "value": {"mitigation_remediation": ["Apply the Juniper patch to update Junos OS to at least 21.2R3\u2011S10 or one of the subsequent releases listed in the vendor advisory."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Juniper Network's Junos OS on SRX Series devices are affected. All releases before the patched versions are vulnerable, including every release prior to 21.2R3\u2011S10, all 21.3 releases, pre\u201121.4R3\u2011S12 releases of 21.4, all 22.1 releases, pre\u201122.2R3\u2011S8 releases of 22.2, all 22.4 releases, pre\u201122.4R3\u2011S9 releases of 22.4, pre\u201123.2R2\u2011S6 releases of 23.2, pre\u201123.4R2\u2011S7 releases of 23.4, pre\u201124.2R2\u2011S3 releases of 24.2, pre\u201124.4R2\u2011S3 releases of 24.4, and versions of 25.2 before 25.2R1\u2011S2 and 25.2R2.", "description_and_impact": "An improperly evaluated condition in Juniper's flow daemon during NAT64 translation allows an attacker to send a specifically crafted malformed ICMPv6 packet that causes the srxpfe process to crash. The crash forces the process to restart repeatedly, resulting in a persistent denial\u2011of\u2011service that interrupts traffic handling. This weakness is a failure to perform a required check against unusual or exceptional conditions and is classified as CWE\u2011754.", "risk_and_exploitability": "The vulnerability has a CVSS score of 8.7, indicating high severity. No EPSS score is provided, but the requirement for NAT64 configuration limits the attack surface. An adversary would need to craft a precise malformed ICMPv6 packet and target a device configured for NAT64; typical IPv4 or other IPv6 traffic does not trigger the crash. The attack results in repeated process restarts and a sustained denial of service until patched or removed from NAT64 mode. The CISA KEV list does not include this issue."}}}}, "created": "2026-04-10T08:36:50.368394+00:00", "updated": "2026-04-10T09:27:47.225349+00:00", "vendors": ["juniper_networks", "juniper_networks$PRODUCT$junos_os"]}