CVE-2026-21910

EPSS 0.02%
Veröffentlicht 15.01.2026 20:23:29
Zuletzt bearbeitet 16.01.2026 15:55:12
Quelle sirt@juniper.net
CVE-Watchlists
Login
Unerledigt
Login

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on EX4k Series and QFX5k Series platforms allows an unauthenticated network-adjacent attacker flapping an interface to cause traffic between VXLAN Network Identifiers (VNIs) to drop, leading to a Denial of Service (DoS).

On all EX4k and QFX5k platforms, a link flap in an

EVPN-VXLAN configuration Link Aggregation Group (LAG)
results in Inter-VNI traffic dropping when there are multiple load-balanced next-hop routes for the same destination.

This issue is only applicable to systems that support EVPN-VXLAN Virtual Port-Link Aggregation Groups (VPLAG), such as the QFX5110, QFX5120, QFX5200, EX4100, EX4300, EX4400, and EX4650.

Service can only be restored by restarting the affected FPC via the 'request chassis fpc restart slot <slot-number>' command.

This issue affects Junos OS 

on EX4k and QFX5k Series: 



  *  all versions before 21.4R3-S12, 
  *  all versions of 22.2
  *  from 22.4 before 22.4R3-S8, 
  *  from 23.2 before 23.2R2-S5, 
  *  from 23.4 before 23.4R2-S5, 
  *  from 24.2 before 24.2R2-S3,
  *  from 24.4 before 24.4R2.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerJuniper Networks

≫

Produkt Junos OS

Default Statusunaffected

Version < 21.4R3-S12

Version 0

Status affected

Version < 22.2*

Version 22.2

Status affected

Version < 22.4R3-S8

Version 22.4

Status affected

Version < 23.2R2-S5

Version 23.2

Status affected

Version < 23.4R2-S5

Version 23.4

Status affected

Version < 24.2R2-S3

Version 24.2

Status affected

Version < 24.4R2

Version 24.4

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.054

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
sirt@juniper.net	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
sirt@juniper.net	7.1	0	0	CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:Green

CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

https://supportportal.juniper.net/JSA106009

https://kb.juniper.net/JSA106009

https://nvd.nist.gov/vuln/detail/CVE-2026-21910

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-21910

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-21910

EUVD