Unrated severityNVD Advisory· Published Jan 15, 2026· Updated Jan 15, 2026

Junos OS: SRX Series: A specifically malformed GTP message will cause an FPC crash

CVE-2026-21914

Description

An Improper Locking vulnerability in the GTP plugin of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (Dos).

If an SRX Series device receives a specifically malformed GPRS Tunnelling Protocol (GTP) Modify Bearer Request message, a lock is acquired and never released. This results in other threads not being able to acquire a lock themselves, causing a watchdog timeout leading to FPC crash and restart. This issue leads to a complete traffic outage until the device has automatically recovered.

This issue affects Junos OS on SRX Series:

all versions before 22.4R3-S8,
23.2 versions before 23.2R2-S5,
23.4 versions before 23.4R2-S6,
24.2 versions before 24.2R2-S3,
24.4 versions before 24.4R2-S2,
25.2 versions before 25.2R1-S1, 25.2R2.

Affected products

Juniper Networks/Junosllm-fuzzy
Range: before 22.4R3-S8; before 23.2R2-S5; before 23.4R2-S6; before 24.2R2-S3; before 24.4R2-S2; before 25.2R1-S1, 25.2R2
Juniper Networks/Junos OSv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

kb.juniper.net/JSA106015mitrevendor-advisory
supportportal.juniper.net/JSA106015mitrevendor-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000