Juniper Junos OS MX PFE Firewall Filter Bypass before 24.2R2-S3
CVE-2026-57031 Published on July 9, 2026
Junos OS: MX Series: For subscribers configured on static interfaces, input filters are not in effect
An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series allows adjacent subscribers to bypass configured firewall filters.
On MX Series devices with MPC10/11, LC4800/9600, and MX304 with subscribers configured on static interfaces, ingress firewall filters are not enforced, so that neither protocol level nor upstream bandwidth limitation are in effect.
This issue affects Junos OS on MX with MPC10/11, LC4800/9600/4802, and MX304:
* 23.2 versions from 23.2R2-S1 before 23.2R2-S7,
* 23.4 versions from 23.4R2 before 23.4R2-S7,
* 24.2 versions before 24.2R2-S3,
* 24.4 versions before 24.4R2-S2,
* 25.2 versions before 25.2R2.
Vulnerability Analysis
Weakness Type
Improper Check for Unusual or Exceptional Conditions
The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.
Products Associated with CVE-2026-57031
Want to know whenever a new CVE is published for Juniper Networks Junos? stack.watch will email you.
Affected Versions
Juniper Networks Junos OS:- Version 23.2R2-S1 and below 23.2R2-S7 is affected.
- Version 23.4R2 and below 23.4R2-S7 is affected.
- Version 24.2 and below 24.2R2-S3 is affected.
- Version 24.4 and below 24.4R2-S2 is affected.
- Version 25.2 and below 25.2R2 is affected.