CVE-2026-57032 PUBLISHED

Junos OS: EX Series: Subscribing to an unsupported telemetry sensor path causes fxpc process crash

Assigner: juniper
Reserved: 23.06.2026 Published: 09.07.2026 Updated: 10.07.2026

An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on EX Series devices allows an authenticated attacker with low privileges to cause a Denial-of-Service (DoS).

If an attempt is made to subscribe to an unsupported telemetry sensor path on EX2300, EX3400, EX4000, EX4100 and EX4400 via gRPC, this causes the FPC to crash. This leads to a complete service outage until the module has automatically restarted. 

The following log message can be seen when this issue happens:

agentd[<PID>]: AGENTD_RESOURCE_NOT_FOUND: No resource name found for <sensor>

This issue affects Junos OS on

EX2300, EX3400, EX4000, EX4100 and EX4400

devices:

  • all versions before 23.2R2-S7,
  • 23.4 versions before 23.4R2-S8,
  • 24.2 versions before 24.2R2-S5,
  • 24.4 versions before 24.4R2.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M
CVSS Score: 7.1

Product Status

Vendor Juniper Networks
Product Junos OS
Versions Default: unaffected
  • affected from 0 to 23.2R2-S7 (excl.)
  • affected from 23.4 to 23.4R2-S8 (excl.)
  • affected from 24.2 to 24.2R2-S5 (excl.)
  • affected from 24.4 to 24.4R2 (excl.)

Affected Configurations

To be exposed to this issue gRPC needs to be enabled via at least one of:

[ system services http servers ] [ system services extension-service request-response grpc ]

Exploits

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

Workarounds

There are no known workarounds for this issue. To reduce the risk of exploitation use access lists or firewall filters to limit access to the device only from trusted hosts and administrators.

Solutions

The following software releases have been updated to resolve this specific issue:

Junos OS: 23.2R2-S7, 23.4R2-S8, 24.2R2-S5, 24.4R2, 25.2R1, and all subsequent releases.

References

Problem Types

  • CWE-236 Improper Handling of Undefined Parameters CWE