CVE-2026-57029 PUBLISHED

Junos OS Evolved: QFX Series: When sFlow collector reachability changes evo-pfemand process can crash

Assigner: juniper
Reserved: 23.06.2026 Published: 09.07.2026 Updated: 10.07.2026

A Missing Synchronization vulnerability in the flow collector handler of Juniper Networks Junos OS Evolved on QFX Series allows an adjacent, unauthenticated attacker to cause a Denial-of-Service (DoS).

When the reachability of an sFlow collector changes, the corresponding next-hop entry is updated. If this update occurs simultaneously with the sFlow thread accessing the next-hop data (which is outside the attackers control), it causes the evo-pfemand process to crash, impacting all traffic forwarding until the automatic process restart has completed.

This issue affects Junos OS Evolved on QFX Series:

  • all 23.2 versions, 
  • 23.4 versions before 23.4R2-S7-EVO,
  • 24.2 versions before 24.2R2-S5-EVO,
  • 24.4 versions before 24.4R2-S3-EVO,
  • 25.2 versions before 25.2R2-EVO.

Metrics

CVSS Vector: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/RE:M
CVSS Score: 6

Product Status

Vendor Juniper Networks
Product Junos OS Evolved
Versions Default: unaffected
  • affected from 0 to 23.4R2-S7-EVO (excl.)
  • affected from 24.2 to 24.2R2-S5-EVO (excl.)
  • affected from 24.4 to 24.4R2-S3-EVO (excl.)
  • affected from 25.2 to 25.2R2-EVO (excl.)

Affected Configurations

To be exposed to this issue at least one sflow collector needs to be configured via:

[ protocols sflow collector <address> ]

Exploits

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

Workarounds

There are no known workarounds for this issue.

Solutions

The following software releases have been updated to resolve this specific issue:

Junos OS Evolved: 23.4R2-S7-EVO, 24.2R2-S5-EVO, 24.4R2-S3-EVO, 25.2R2-EVO, 25.4R1-EVO, and all subsequent releases.

References

Problem Types

  • CWE-820 Missing Synchronization CWE