An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on QFX10000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).
On all QFX10000 platforms in an EVPN-VxLAN scenario, if an attacker sends IPv6 multicast traffic and these packets reach the non-IRB interface of a spine switch it floods the packet to other spines and all Ethernet Segment Identifier (ESI) leaf switches. This flooding causes the packet to be forwarded in a endless loop, which can lead to saturation of the involved links and in turn impact to legitimate traffic.
This issue affects Junos OS on QFX10000 Series:
* all versions before 23.2R2-S7,
* 23.4 versions before 23.4R2-S8,
* 24.2 versions before 24.2R2-S4,
* 24.4 versions before 24.4R2-S4.
This issue does not affect Junos version after 24.4 as the QFX10000 Series devices are not supported on newer versions anymore.
Metrics
Affected Vendors & Products
References
| Link | Providers |
|---|---|
| https://supportportal.juniper.net/JSA110080 |
|
History
Thu, 09 Jul 2026 22:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Juniper Networks
Juniper Networks junos Os |
|
| Vendors & Products |
Juniper Networks
Juniper Networks junos Os |
Thu, 09 Jul 2026 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on QFX10000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). On all QFX10000 platforms in an EVPN-VxLAN scenario, if an attacker sends IPv6 multicast traffic and these packets reach the non-IRB interface of a spine switch it floods the packet to other spines and all Ethernet Segment Identifier (ESI) leaf switches. This flooding causes the packet to be forwarded in a endless loop, which can lead to saturation of the involved links and in turn impact to legitimate traffic. This issue affects Junos OS on QFX10000 Series: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S8, * 24.2 versions before 24.2R2-S4, * 24.4 versions before 24.4R2-S4. This issue does not affect Junos version after 24.4 as the QFX10000 Series devices are not supported on newer versions anymore. | |
| Title | Junos OS: QFX10000 Series: IPv6 multicast traffic received on non-IRB interfaces causes a multicast flood | |
| Weaknesses | CWE-754 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: juniper
Published:
Updated: 2026-07-09T21:05:07.368Z
Reserved: 2026-06-23T16:27:00.248Z
Link: CVE-2026-57020
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-09T22:30:05Z