CVE-2026-57030 in Junos OSinfo

Summary

by MITRE • 07/10/2026

A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).

As part of the stateful traffic processing on SRX Series devices flows are being established, and removed when not needed anymore. During the removal process the timeout of a flow should be set to 3 seconds and consequentially the flow should be removed shortly after. Due to a race condition occurring when setting the timeout there is a chance (the exact conditions are outside the attackers control) that the timeout is instead set to a very high value of larger than 10,000 seconds:



user@host> show security flow session | match timeout Session ID: 98784248524, Policy name: PROD-FLOW/4, HA State: Active, Timeout: 85250, Session State: Valid

This will lead to an accumulation of flows which can be observed by an ever-increasing value of invalidated sessions in the output of 'show security flow session summary':

user@host> show security flow session summary | match invalid Invalidated sessions: 216931These sessions can't be cleared manually with the 'clear security flow session' command, which will either lead to forwarding to stop (and the system needs to be manually recovered with a reboot) or to a flowd core and automatic reboot.


This issue affects Junos OS on SRX Series:


* 24.2 versions before 24.2R2-S3, * 24.4 versions before 24.4R2-S1, 24.4R2-S2, * 25.2 versions before 25.2R1-S2, 25.2R2.




This issue does not affect releases earlier than 24.2R1;

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 07/10/2026

The vulnerability described represents a critical race condition in the packet forwarding engine of Juniper Networks SRX Series devices running Junos OS, specifically impacting the flow management subsystem. This flaw manifests as a concurrent execution issue involving shared resources with improper synchronization, directly correlating to CWE-362 which defines race conditions where multiple threads or processes access shared data simultaneously without proper coordination mechanisms. The vulnerability exists within the stateful traffic processing architecture where flows are dynamically created and destroyed during normal network operations, creating an environment where timing-sensitive operations can lead to inconsistent system behavior.

The technical implementation of this vulnerability stems from improper synchronization mechanisms when setting flow timeouts during the flow removal process. Under normal conditions, flow timeouts should be consistently set to a predefined value of three seconds, ensuring timely resource cleanup and preventing accumulation of stale sessions. However, due to the race condition present in the PFE code, there exists a scenario where timeout values can be incorrectly set to extraordinarily high values exceeding 10,000 seconds. This misconfiguration results in flows remaining active far beyond their intended lifespan, creating a gradual but steady accumulation of invalid sessions that consume system resources and ultimately degrade device performance.

The operational impact of this vulnerability is severe and manifests through multiple cascading effects that can completely compromise device functionality. As flows accumulate with extended timeout values, the system's flow table becomes increasingly saturated with invalidated sessions, as evidenced by the monitoring output showing hundreds of thousands of invalid sessions. The affected system exhibits behavior where manual clearing operations become ineffective, forcing administrators to resort to complete system reboots for recovery. This scenario directly impacts network availability and can result in extended downtime that affects critical network services. The vulnerability's timing nature means that attackers can potentially trigger this condition through specific network traffic patterns, though the exact triggering conditions are not fully within the attacker's control.

The affected versions span multiple Junos OS release lines including 24.2 before 24.2R2-S3, 24.4 before 24.4R2-S1 and S2, and 25.2 before 25.2R1-S2 and 25.2R2, indicating this is a widespread issue affecting recent software releases. The vulnerability does not affect versions prior to 24.2R1, suggesting the race condition was introduced in specific code modifications during that release cycle. From an ATT&CK framework perspective, this vulnerability maps to T1499.004 (Endpoint Denial of Service) and T1566.001 (Phishing with Social Engineering) as attackers could potentially exploit this weakness through network-based attacks that trigger the race condition, though the attack surface is limited by the timing-sensitive nature of the flaw. Mitigation strategies should focus on applying the relevant security patches provided by Juniper, monitoring flow table utilization and session counts, implementing network segmentation to limit exposure, and establishing automated alerting for abnormal session accumulation patterns. Organizations should also consider implementing network access controls to reduce the attack surface and ensure that only authorized traffic can reach vulnerable SRX Series devices.

Responsible

Juniper

Reservation

06/23/2026

Disclosure

07/10/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!