{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/junos-os-on-srx-series-all-versions-before-23.2r2-s7/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-57026"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Junos OS on MX Series with SPC3 (all versions before 23.2R2-S7)","Junos OS on MX Series with SPC3 (23.4 versions before 23.4R2-S8)","Junos OS on MX Series with SPC3 (24.2 versions before 24.2R2-S5)","Junos OS on MX Series with SPC3 (24.4 versions before 24.4R2-S4)","Junos OS on MX Series with SPC3 (25.2 versions before 25.2R2)","Junos OS on MX Series with SPC3 (25.4 versions before 25.4R1-S2)","Junos OS on SRX Series (all versions before 23.2R2-S7)","Junos OS on SRX Series (23.4 versions before 23.4R2-S8)","Junos OS on SRX Series (24.2 versions before 24.2R2-S5)","Junos OS on SRX Series (24.4 versions before 24.4R2-S4)","Junos OS on SRX Series (25.2 versions before 25.2R2)","Junos OS on SRX Series (25.4 versions before 25.4R1-S2)"],"_cs_severities":["medium"],"_cs_tags":["denial-of-service","vulnerability","juniper","network"],"_cs_type":"advisory","_cs_vendors":["Juniper Networks"],"content_html":"\u003cp\u003eA critical denial-of-service vulnerability, CVE-2026-57026, has been identified in Juniper Networks Junos OS, affecting MX Series devices equipped with SPC3 line cards and SRX Series firewalls. This flaw resides within the SIP plugin, specifically when the SIP Application Layer Gateway (ALG) feature is enabled. An unauthenticated attacker, operating over the network, can exploit this vulnerability by sending a specially crafted, malformed SIP INVITE packet to a vulnerable device. The improper validation of syntactic correctness within the SIP plugin causes the device's flow processing daemon (\u003ccode\u003eflowd\u003c/code\u003e) to crash and restart. This event triggers a complete service outage, rendering the device inoperable until it automatically recovers, making it a significant concern for network availability and stability. All versions before 23.2R2-S7, and specific versions across 23.4, 24.2, 24.4, 25.2, and 25.4 releases are affected.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eTarget Identification\u003c/strong\u003e: An unauthenticated attacker identifies a Juniper Networks MX Series device with SPC3 or an SRX Series device running a vulnerable version of Junos OS, with the SIP ALG feature enabled and reachable over the network.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePacket Crafting\u003c/strong\u003e: The attacker constructs a malformed SIP INVITE packet, specifically designed to exploit the improper input validation vulnerability within the device's SIP plugin.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eExploitation Attempt\u003c/strong\u003e: The crafted malformed SIP INVITE packet is sent by the attacker to the vulnerable Juniper device.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eVulnerability Trigger\u003c/strong\u003e: The device, with its SIP ALG enabled, attempts to process the syntactically incorrect SIP INVITE packet.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDaemon Crash\u003c/strong\u003e: Due to the improper validation, the processing of the malformed packet causes the \u003ccode\u003eflowd\u003c/code\u003e (flow processing daemon) on the Juniper device to crash.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eService Outage\u003c/strong\u003e: The \u003ccode\u003eflowd\u003c/code\u003e crash immediately results in a complete denial-of-service, leading to a network outage and disruption of traffic flow through the affected device.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSystem Recovery (Temporary)\u003c/strong\u003e: The device automatically initiates a restart of the \u003ccode\u003eflowd\u003c/code\u003e daemon and recovers its services, but remains vulnerable to repeated exploitation.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe successful exploitation of CVE-2026-57026 leads directly to a complete denial-of-service (DoS) for the affected Juniper Networks device. This means that all network services routed through the compromised MX Series with SPC3 or SRX Series device will become unavailable, causing significant operational disruption. The \u003ccode\u003eflowd\u003c/code\u003e crash and subsequent restart, while automatic, represents a critical availability risk, especially for organizations relying on these devices for core network routing and security functions. The unauthenticated and network-based nature of the attack allows for widespread impact without prior access or credentials, affecting any internet-facing or internally exposed vulnerable device.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately apply the security updates for CVE-2026-57026 provided by Juniper Networks to all affected Junos OS on MX Series with SPC3 and SRX Series devices.\u003c/li\u003e\n\u003cli\u003eReview network configurations for all devices identified as affected in this brief, and disable the SIP ALG feature if it is not explicitly required for your network's voice or multimedia services.\u003c/li\u003e\n\u003cli\u003eMonitor your Juniper Networks MX Series and SRX Series devices for unexpected \u003ccode\u003eflowd\u003c/code\u003e crashes or restarts as a potential indicator of CVE-2026-57026 exploitation attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-09T22:21:28Z","date_published":"2026-07-09T22:21:28Z","id":"https://feed.craftedsignal.io/briefs/2026-07-juniper-junos-sip-dos/","summary":"An unauthenticated, network-based attacker can exploit CVE-2026-57026, an improper input validation vulnerability, in the SIP plugin of Juniper Networks Junos OS. If the SIP ALG is enabled on affected MX Series with SPC3 or SRX Series devices, processing a malformed SIP invite packet will cause the flow processing daemon (flowd) to crash and restart, leading to a complete denial of service until the system recovers.","title":"CVE-2026-57026 - Improper Validation of SIP Input in Juniper Junos OS Leads to DoS","url":"https://feed.craftedsignal.io/briefs/2026-07-juniper-junos-sip-dos/"}],"language":"en","title":"CraftedSignal Threat Feed - Junos OS on SRX Series (All Versions Before 23.2R2-S7)","version":"https://jsonfeed.org/version/1.1"}