CVE-2026-57023 in Junos OSinfo

Summary

by MITRE • 07/10/2026

An Improper Validation of Specified Quantity in Input vulnerability in the TCP proxy plugin of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated, network-based attacker to cause a complete Denial of Service (DoS).

When TCP proxy is engaged in a flow session, to support ALGs, Advanced Anti-Malware, ICAP or UTM, a TCP packet with specifically malformed TCP header will cause flow processing daemon (flowd) to crash and restart. This causes a complete service outage until the system has automatically recovered.



This issue affects Junos OS on MX with SPC3, and SRX Series: 



* 23.4 versions before 23.4R2-S7,  * 24.2 versions before 24.2R2-S4,  * 24.4 versions before 24.4R2-S3, * 25.2 versions before 25.2R2.




This issue does not affect releases before 23.4R1.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 07/10/2026

This vulnerability represents a critical input validation flaw that specifically targets the TCP proxy plugin functionality within Juniper Networks Junos OS operating on MX Series devices with SPC3 hardware and SRX Series platforms. The weakness manifests when the flow processing daemon (flowd) encounters malformed TCP headers during active flow sessions that utilize application layer gateways, advanced anti-malware services, ICAP integration, or unified threat management capabilities. This improper validation of specified quantity in input occurs at the protocol parsing level where the system fails to properly validate the TCP header fields before processing them within the flow context.

The technical exploitation of this vulnerability requires an unauthenticated network-based attacker who can craft and transmit specifically malformed TCP packets to the affected device. When such packets are processed by the flowd daemon during active TCP proxy sessions, the daemon experiences a critical failure that results in complete system crash and automatic restart. This behavior creates a persistent denial of service condition that completely disrupts network services until the system automatically recovers from the crash. The vulnerability specifically impacts the flow processing daemon which is responsible for managing and maintaining TCP session states within the Junos OS environment, making it particularly dangerous as it affects core networking functionality.

The operational impact of this vulnerability extends beyond simple service disruption to encompass complete network outage conditions that can affect critical infrastructure operations. Organizations relying on MX Series devices with SPC3 or SRX Series platforms for their network security and routing functions face significant risk from this flaw, as the DoS condition can persist until automatic recovery mechanisms engage. The vulnerability affects multiple software versions across different release trains including 23.4, 24.2, 24.4, and 25.2, indicating a widespread exposure across Juniper's product portfolio. The fact that this issue does not affect releases before 23.4R1 suggests the vulnerability was introduced in recent software updates that enhanced TCP proxy functionality.

From a cybersecurity perspective, this vulnerability aligns with CWE-129, which addresses improper validation of specified quantity in input, and demonstrates characteristics consistent with attack patterns described in MITRE ATT&CK framework under T1498 - Network Denial of Service. The vulnerability represents a classic case of insufficient input validation where malformed TCP headers are not properly sanitized before being processed by system components. Organizations should immediately implement mitigation strategies including applying the relevant security patches, implementing network segmentation to limit exposure, and monitoring for suspicious TCP packet patterns that may indicate exploitation attempts. The vulnerability underscores the importance of robust input validation in network infrastructure software and highlights the need for comprehensive testing of protocol handling functions within security appliances.

This flaw demonstrates how seemingly minor protocol parsing issues can result in complete system failures, particularly in enterprise networking equipment where availability is paramount. The vulnerability's presence across multiple release versions suggests that Juniper's development team should conduct thorough reviews of all TCP proxy functionality and related session management components to identify similar weaknesses. Network administrators must prioritize patch management for affected systems while also implementing monitoring solutions that can detect anomalous TCP traffic patterns indicative of exploitation attempts, ensuring that network availability remains protected against this specific class of denial of service attacks.

Responsible

Juniper

Reservation

06/23/2026

Disclosure

07/10/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!