6.9

CVE-2026-57021

Junos OS: SRX Series: If VPN compliance-check is configured an attacker can cause http-gk process crash

An Out-of-bounds Write vulnerability in the http-gatekeeper (http-gk) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).

If an SRX Series device is configured for remote-access VPN with pre-logon compliance check, a network-based attacker sending specifically formatted requests can trigger an out of bounds write leading to an http-gk process crash. This crash leads to unavailability of all services depending on the [ system services web-management ] configuration (like J-Web, remote access VPN and firewall authentication) until the process automatically restarts.

This issue affects Junos OS on SRX Series:


  *  23.2 versions before 23.2R2-S7,
  *  23.4 versions before 23.4R2-S8,
  *  24.2 versions before 24.2R2-S4,
  *  24.4 versions before 24.4R2-S4,
  *  25.2 versions before 25.2R2,
  *  25.4 versions before 25.4R1-S1, 25.4R2.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerJuniper Networks
Produkt Junos OS
Default Statusunaffected
Version 23.2
Version < 23.2R2-S7
Status affected
Version 23.4
Version < 23.4R2-S8
Status affected
Version 24.2
Version < 24.2R2-S4
Status affected
Version 24.4
Version < 24.4R2-S4
Status affected
Version 25.2
Version < 25.2R2
Status affected
Version 25.4
Version < 25.4R1-S1, 25.4R2
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
sirt@juniper.net 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
sirt@juniper.net 6.9 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.