An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series allows adjacent subscribers to bypass configured firewall filters. On MX Series devices with MPC10/11, LC4800/9600, and MX304 with subscribers configured on static interfaces, ingress firewall filters are not enforced, so that neither protocol level nor upstream bandwidth limitation are in effect.  This issue affects Junos OS on MX with MPC10/11, LC4800/9600/4802, and MX304: * 23.2 versions from 23.2R2-S1 before 23.2R2-S7, * 23.4 versions from 23.4R2 before 23.4R2-S7, * 24.2 versions before 24.2R2-S3, * 24.4 versions before 24.4R2-S2, * 25.2 versions before 25.2R2.
History

Fri, 10 Jul 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 09 Jul 2026 23:00:00 +0000

Type Values Removed Values Added
First Time appeared Juniper Networks
Juniper Networks junos Os
Vendors & Products Juniper Networks
Juniper Networks junos Os

Thu, 09 Jul 2026 21:45:00 +0000

Type Values Removed Values Added
Description An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series allows adjacent subscribers to bypass configured firewall filters. On MX Series devices with MPC10/11, LC4800/9600, and MX304 with subscribers configured on static interfaces, ingress firewall filters are not enforced, so that neither protocol level nor upstream bandwidth limitation are in effect.  This issue affects Junos OS on MX with MPC10/11, LC4800/9600/4802, and MX304: * 23.2 versions from 23.2R2-S1 before 23.2R2-S7, * 23.4 versions from 23.4R2 before 23.4R2-S7, * 24.2 versions before 24.2R2-S3, * 24.4 versions before 24.4R2-S2, * 25.2 versions before 25.2R2.
Title Junos OS: MX Series: For subscribers configured on static interfaces, input filters are not in effect
Weaknesses CWE-754
References
Metrics cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/AU:Y/RE:M'}


cve-icon MITRE

Status: PUBLISHED

Assigner: juniper

Published: 2026-07-09T21:13:46.497Z

Updated: 2026-07-10T14:37:16.783Z

Reserved: 2026-06-23T16:27:00.249Z

Link: CVE-2026-57031

cve-icon Vulnrichment

Updated: 2026-07-10T14:36:34.009Z

cve-icon NVD

No data.

cve-icon Redhat

No data.