OOB Write in Juniper Junos SRX http-gk Pre-25.4R1
CVE-2026-57021 Published on July 9, 2026
Junos OS: SRX Series: If VPN compliance-check is configured an attacker can cause http-gk process crash
An Out-of-bounds Write vulnerability in the http-gatekeeper (http-gk) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
If an SRX Series device is configured for remote-access VPN with pre-logon compliance check, a network-based attacker sending specifically formatted requests can trigger an out of bounds write leading to an http-gk process crash. This crash leads to unavailability of all services depending on the [ system services web-management ] configuration (like J-Web, remote access VPN and firewall authentication) until the process automatically restarts.
This issue affects Junos OS on SRX Series:
* 23.2 versions before 23.2R2-S7,
* 23.4 versions before 23.4R2-S8,
* 24.2 versions before 24.2R2-S4,
* 24.4 versions before 24.4R2-S4,
* 25.2 versions before 25.2R2,
* 25.4 versions before 25.4R1-S1, 25.4R2.
Vulnerability Analysis
CVE-2026-57021 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a small impact on availability.
Weakness Type
What is a Memory Corruption Vulnerability?
The software writes data past the end, or before the beginning, of the intended buffer. Typically, this can result in corruption of data, a crash, or code execution. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.
CVE-2026-57021 has been classified to as a Memory Corruption vulnerability or weakness.
Products Associated with CVE-2026-57021
Want to know whenever a new CVE is published for Juniper Networks Junos? stack.watch will email you.
Affected Versions
Juniper Networks Junos OS:- Version 23.2 and below 23.2R2-S7 is affected.
- Version 23.4 and below 23.4R2-S8 is affected.
- Version 24.2 and below 24.2R2-S4 is affected.
- Version 24.4 and below 24.4R2-S4 is affected.
- Version 25.2 and below 25.2R2 is affected.
- Version 25.4 and below 25.4R1-S1, 25.4R2 is affected.