CVE-2026-57021 in Junos OS
Summary
by MITRE • 07/10/2026
An Out-of-bounds Write vulnerability in the http-gatekeeper (http-gk) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
If an SRX Series device is configured for remote-access VPN with pre-logon compliance check, a network-based attacker sending specifically formatted requests can trigger an out of bounds write leading to an http-gk process crash. This crash leads to unavailability of all services depending on the [ system services web-management ] configuration (like J-Web, remote access VPN and firewall authentication) until the process automatically restarts.
This issue affects Junos OS on SRX Series:
* 23.2 versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S8, * 24.2 versions before 24.2R2-S4, * 24.4 versions before 24.4R2-S4, * 25.2 versions before 25.2R2, * 25.4 versions before 25.4R1-S1, 25.4R2.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 07/10/2026
This vulnerability represents a critical out-of-bounds write condition within the http-gatekeeper component of Juniper Networks Junos OS running on SRX Series devices. The flaw manifests when the system processes specifically crafted HTTP requests through the remote-access VPN pre-logon compliance check mechanism, creating a scenario where malicious input triggers memory corruption that results in process termination. This vulnerability falls under the CWE-787 category for out-of-bounds write conditions and aligns with ATT&CK technique T1499.002 for network denial of service attacks through system resource exhaustion.
The technical implementation involves the http-gk process failing to properly validate input parameters during VPN pre-authentication checks, allowing an attacker to craft requests that exceed allocated memory boundaries within the application's buffer management. When these malformed requests are processed, they cause the http-gk process to write data beyond its intended memory allocation, leading to a segmentation fault that terminates the service. This type of vulnerability represents a classic buffer overflow scenario where insufficient bounds checking permits arbitrary memory corruption.
The operational impact of this vulnerability extends far beyond simple service disruption as it affects critical management and security functions within the SRX device. All services configured under the system services web-management section become unavailable, including J-Web interface access, remote access VPN functionality, and firewall authentication mechanisms that depend on these components. The DoS condition persists until the affected process automatically restarts, potentially creating extended periods of service unavailability that can compromise network security posture and operational continuity.
Network-based attackers can exploit this vulnerability without requiring authentication credentials, making it particularly dangerous in environments where SRX devices are exposed to untrusted networks or where perimeter security is insufficient. The attack vector specifically targets the VPN pre-logon compliance check functionality, which suggests that organizations with active remote-access VPN configurations are at heightened risk. This vulnerability aligns with ATT&CK tactic TA0043 for resource exhaustion and manipulation, as it consumes system resources through process termination.
The affected versions span multiple Junos OS releases including 23.2R1-S1 through 23.2R2-S7, 23.4R1-S1 through 23.4R2-S8, 24.2R1-S1 through 24.2R2-S4, 24.4R1-S1 through 24.4R2-S4, 25.2R1 through 25.2R2, and 25.4R1 through 25.4R2-S1. Organizations should prioritize immediate patching of affected systems to prevent exploitation, as the vulnerability provides attackers with a straightforward method for disrupting essential network services. The remediation strategy should include implementing proper input validation controls, applying vendor security patches, and monitoring for suspicious network traffic patterns that might indicate exploitation attempts.
Security teams should consider implementing network segmentation to limit exposure of SRX devices to untrusted networks, while also establishing monitoring procedures to detect potential exploitation attempts through abnormal HTTP request patterns. The vulnerability demonstrates the importance of robust input validation in web-based management interfaces and highlights the need for comprehensive security testing of authentication and compliance check mechanisms within network infrastructure devices. Organizations should also review their incident response procedures to ensure rapid recovery from such service disruption events that could impact overall network security operations.