Vulnerability Details CVE-2026-57021
An Out-of-bounds Write vulnerability in the http-gatekeeper (http-gk) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
If an SRX Series device is configured for remote-access VPN with pre-logon compliance check, a network-based attacker sending specifically formatted requests can trigger an out of bounds write leading to an http-gk process crash. This crash leads to unavailability of all services depending on the [ system services web-management ] configuration (like J-Web, remote access VPN and firewall authentication) until the process automatically restarts.
This issue affects Junos OS on SRX Series:
* 23.2 versions before 23.2R2-S7,
* 23.4 versions before 23.4R2-S8,
* 24.2 versions before 24.2R2-S4,
* 24.4 versions before 24.4R2-S4,
* 25.2 versions before 25.2R2,
* 25.4 versions before 25.4R1-S1, 25.4R2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 37.7%
CVSS Severity
CVSS v3 Score 5.3
Products affected by CVE-2026-57021
-
cpe:2.3:h:juniper:srx1500:-
-
cpe:2.3:h:juniper:srx1600:-
-
cpe:2.3:h:juniper:srx2300:-
-
cpe:2.3:h:juniper:srx300:-
-
cpe:2.3:h:juniper:srx320:-
-
cpe:2.3:h:juniper:srx340:-
-
cpe:2.3:h:juniper:srx345:-
-
cpe:2.3:h:juniper:srx380:-
-
cpe:2.3:h:juniper:srx400:-
-
cpe:2.3:h:juniper:srx4100:-
-
cpe:2.3:h:juniper:srx4200:-
-
cpe:2.3:h:juniper:srx4300:-
-
cpe:2.3:h:juniper:srx440:-
-
cpe:2.3:h:juniper:srx4600:-
-
cpe:2.3:h:juniper:srx5400:-
-
cpe:2.3:h:juniper:srx5800:-
-
cpe:2.3:o:juniper:junos:23.2
-
cpe:2.3:o:juniper:junos:23.4
-
cpe:2.3:o:juniper:junos:24.2
-
cpe:2.3:o:juniper:junos:24.4
-
cpe:2.3:o:juniper:junos:25.2
-
cpe:2.3:o:juniper:junos:25.4