CVE-2026-0203 is a vulnerability classified under CWE-755 (Improper Handling of Exceptional Conditions) affecting Juniper Networks Junos OS. It specifically impacts the packet processing component handling ICMPv4 packets. When the system receives an ICMPv4 packet with a malformed IP header value, the forwarding packet card (FPC) responsible for processing the packet crashes and subsequently restarts. This results in a denial of service (DoS) condition, temporarily disrupting network operations on the affected device. The vulnerability is exploitable by an unauthenticated attacker who is network-adjacent, meaning they must be on the same or directly connected network segment. The malformed packets are not forwarded by adjacent upstream routers, which limits the attack vector to local networks. The vulnerability does not affect ICMPv6 traffic or AFT-based line cards such as MPC10, MPC11, LC4800, LC9600, and MX304, which use a different packet processing architecture. Multiple Junos OS versions are affected, including all versions before 21.2R3-S9 and various subsequent releases up to 24.2 before 24.2R1-S2 and 24.2R2. The CVSS v3.1 base score is 6.5, indicating a medium severity level, with attack vector as adjacent network, low attack complexity, no privileges required, no user interaction, and impact limited to availability (DoS). No public exploits have been reported to date, but the vulnerability poses a risk to network stability in environments using affected Junos OS versions.

The primary impact of CVE-2026-0203 is a denial of service condition caused by the crash and restart of the forwarding packet card (FPC) on Juniper devices running vulnerable Junos OS versions. This can lead to temporary network outages or degraded performance, affecting the availability of critical network infrastructure. Organizations relying on Juniper routers and switches for core or edge routing may experience service disruptions, impacting business operations, especially in environments requiring high availability such as data centers, ISPs, and enterprise WANs. Since the attack requires adjacency, the risk is higher in environments where untrusted users or devices have local network access, such as shared hosting facilities, multi-tenant data centers, or poorly segmented internal networks. Although the vulnerability does not compromise confidentiality or integrity, repeated exploitation could cause operational instability and increased maintenance overhead. The limited attack surface reduces the likelihood of widespread exploitation, but targeted attacks in sensitive environments could have significant operational consequences.

To mitigate CVE-2026-0203, organizations should prioritize upgrading Junos OS to the fixed versions starting from 21.2R3-S9, 21.4R3-S10, 22.2R3-S7, 22.3R3-S4, 22.4R3-S5, 23.2R2-S3, 23.4R2-S3, or 24.2R1-S2 and later as applicable. Until patches are applied, network administrators should implement strict ingress filtering to block malformed ICMPv4 packets at network boundaries and between network segments to prevent adjacent attackers from sending exploit packets. Deploying access control lists (ACLs) to restrict ICMP traffic to trusted sources can reduce exposure. Network segmentation and isolation of critical routing infrastructure from untrusted or less secure network segments will limit the attack surface. Monitoring network devices for unusual ICMP traffic patterns and FPC restarts can provide early detection of exploitation attempts. Additionally, disabling unnecessary ICMPv4 traffic where possible can further reduce risk. Regularly reviewing Juniper security advisories and maintaining up-to-date device firmware is essential for ongoing protection.