CVE-2026-21906 is a vulnerability classified under CWE-755 (Improper Handling of Exceptional Conditions) affecting the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series devices. The flaw arises when the device is configured with PowerMode IPsec (PMI)—a default mode that enhances IPsec performance using Vector Packet Processing—and GRE performance acceleration is enabled. Under these conditions, receiving a specially crafted ICMP packet encapsulated within a GRE tunnel triggers an unhandled exceptional condition in the PFE, causing it to crash and subsequently restart. This crash leads to a temporary denial of service by interrupting traffic forwarding. The vulnerability affects multiple Junos OS versions before the patched releases 21.4R3-S12, 22.4R3-S8, 23.2R2-S5, 23.4R2-S5, 24.2R2-S3, 24.4R2-S1, and 25.2R1-S1/25.2R2. Exploitation is network-based, requires no authentication or user interaction, and targets specific SRX platforms supporting PMI with GRE acceleration. The vulnerability does not compromise confidentiality or integrity but impacts availability by causing PFE crashes. No public exploits have been reported yet, but the ease of triggering the crash and the default enabling of PMI increase the risk. Juniper has published patches in the specified versions to address this issue.

For European organizations, the primary impact is a denial-of-service condition on SRX Series firewalls or routers running vulnerable Junos OS versions with PMI and GRE performance acceleration enabled. This can disrupt critical network traffic, potentially affecting business continuity, especially for organizations relying on SRX devices for perimeter security, VPN termination, or traffic routing. The attack requires no authentication and can be launched remotely, increasing the risk of exploitation by threat actors. Disruption of traffic could impact sectors such as finance, telecommunications, government, and critical infrastructure, where Juniper SRX devices are commonly deployed. The temporary loss of availability could lead to operational downtime, loss of productivity, and potential cascading effects on dependent services. While confidentiality and integrity are not directly affected, the denial of service could be leveraged as part of a broader attack strategy or to cause reputational damage.

Organizations should immediately verify if their Juniper SRX devices run affected Junos OS versions and have PMI enabled (default) along with GRE performance acceleration enabled (which requires explicit configuration). The most effective mitigation is to upgrade Junos OS to the fixed versions listed by Juniper for each affected release branch. If immediate patching is not feasible, consider disabling GRE performance acceleration to prevent exploitation. Network administrators should monitor for unusual ICMP traffic patterns, especially ICMP packets traversing GRE tunnels, and implement filtering or rate limiting where possible. Deploying intrusion detection/prevention systems with signatures for anomalous ICMP GRE traffic could help detect exploitation attempts. Regularly review device configurations to ensure only necessary features are enabled. Additionally, segmenting management and critical network paths can reduce exposure. Maintain up-to-date backups and incident response plans to quickly recover from potential outages caused by exploitation.