SRX PFE Crash via ICMP over GRE (Junos OS <21.4R3-S12, <22.4R3-S8)
CVE-2026-21906 Published on January 15, 2026
Junos OS: SRX Series: With GRE performance acceleration enabled, receipt of a specific ICMP packet causes the PFE to crash
An Improper Handling of Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated network-based attacker sending a specific ICMP packet through a GRE tunnel to cause the PFE to crash and restart.
When PowerMode IPsec (PMI) and GRE performance acceleration are enabled and the device receives a specific ICMP packet, a crash occurs in the SRX PFE, resulting in traffic loss. PMI is enabled by default, and GRE performance acceleration can be enabled by running the configuration command shown below. PMI is a mode of operation that provides IPsec performance improvements using Vector Packet Processing.
Note that PMI with GRE performance acceleration is only supported on specific SRX platforms.
This issue affects Junos OS on the SRX Series:
* all versions before 21.4R3-S12,
* from 22.4 before 22.4R3-S8,
* from 23.2 before 23.2R2-S5,
* from 23.4 before 23.4R2-S5,
* from 24.2 before 24.2R2-S3,
* from 24.4 before 24.4R2-S1,
* from 25.2 before 25.2R1-S1, 25.2R2.
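The version ranges above can be checked against a device inventory with a short script. The following is an added example, not code from Juniper or from this page's publisher. It assumes standard `R`-type release strings such as `22.4R3-S7.2`, treats a later `R` or `-S` number in a listed train as containing the fix, and reports trains the page does not name as `unlisted` rather than guessing. It checks the version only, not whether GRE performance acceleration is enabled.

```python
import re

# Fixed release per train as (R number, S number), copied from the list on this page.
# 25.2 is fixed in 25.2R1-S1 and 25.2R2; tuple ordering covers both.
FIXED = {
    "21.4": (3, 12), "22.4": (3, 8), "23.2": (2, 5), "23.4": (2, 5),
    "24.2": (2, 3), "24.4": (2, 1), "25.2": (1, 1),
}
OLDEST_LISTED_TRAIN = (21, 4)

# Example: 22.4R3-S7.2 -> train 22.4, R3, service release 7 (trailing spin ignored).
VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")


def classify(version):
    """Return 'affected', 'fixed' or 'unlisted' for a Junos OS version string."""
    m = VERSION_RE.match(version.strip())
    if not m:
        # Non-R release formats are out of scope for this example.
        raise ValueError(f"unrecognised Junos version: {version!r}")
    major, minor, rel = int(m[1]), int(m[2]), int(m[3])
    svc = int(m[4] or 0)
    if (major, minor) < OLDEST_LISTED_TRAIN:
        return "affected"   # "all versions before 21.4R3-S12"
    fix = FIXED.get(f"{major}.{minor}")
    if fix is None:
        return "unlisted"   # train not named on this page; consult the vendor advisory
    return "affected" if (rel, svc) < fix else "fixed"


if __name__ == "__main__":
    # Constructed inventory for illustration; hostnames and versions are made up.
    inventory = {
        "srx-a": "22.4R3-S7.2",
        "srx-b": "23.4R2-S5",
        "srx-c": "20.4R3-S9",
        "srx-d": "23.1R1",
    }
    for host, ver in inventory.items():
        print(f"{host:8} {ver:14} {classify(ver)}")
```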
Vulnerability Analysis
CVE-2026-21906 is exploitable over the network and requires neither privileges nor user interaction. Its attack complexity is considered low. A successful exploit is considered to have no impact on confidentiality or integrity, and a high impact on availability.
Weakness Type
Improper Handling of Exceptional Conditions
The software does not handle or incorrectly handles an exceptional condition.
Products Associated with CVE-2026-21906
Affected Versions
Juniper Networks Junos OS:
- All versions before 21.4R3-S12 are affected.
- Versions from 22.4 before 22.4R3-S8 are affected.
- Versions from 23.2 before 23.2R2-S5 are affected.
- Versions from 23.4 before 23.4R2-S5 are affected.
- Versions from 24.2 before 24.2R2-S3 are affected.
- Versions from 24.4 before 24.4R2-S1 are affected.
- Versions from 25.2 before 25.2R1-S1, 25.2R2 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.