CVE-2026-21914 is an improper locking vulnerability classified under CWE-667 found in the GPRS Tunnelling Protocol (GTP) plugin of Juniper Networks Junos OS running on SRX Series devices. The flaw arises when the device processes a specially crafted GTP Modify Bearer Request message. This malformed message causes the system to acquire a lock that is never released, effectively blocking other threads from obtaining the same lock. As a result, the device's internal watchdog timer triggers a timeout due to the lock contention, causing the Flexible PIC Concentrator (FPC) to crash and subsequently restart. This crash leads to a complete denial-of-service (DoS) condition, interrupting all traffic passing through the affected device until recovery is complete. The vulnerability affects a broad range of Junos OS versions, including all versions before 22.4R3-S8, 23.2 versions before 23.2R2-S5, 23.4 versions before 23.4R2-S6, 24.2 versions before 24.2R2-S3, 24.4 versions before 24.4R2-S2, and 25.2 versions before 25.2R1-S1 and 25.2R2. Exploitation requires no authentication or user interaction and can be performed remotely, making it a significant risk for network infrastructure relying on these devices. Although no public exploits have been reported yet, the vulnerability's nature and ease of exploitation warrant immediate attention. The CVSS v3.1 score of 7.5 reflects the high impact on availability with no confidentiality or integrity loss. Juniper has published patches in the specified versions to address this issue.

For European organizations, this vulnerability poses a significant risk to network availability, especially for those relying on Juniper SRX Series devices as perimeter firewalls or core network security appliances. A successful exploit can cause a complete traffic outage, disrupting business operations, critical communications, and potentially impacting services dependent on continuous network connectivity. Sectors such as telecommunications, finance, government, and critical infrastructure operators are particularly vulnerable due to their reliance on stable and secure network infrastructure. The denial-of-service condition could lead to operational downtime, financial losses, and reputational damage. Additionally, the ease of exploitation without authentication increases the threat from opportunistic attackers or automated scanning tools. Given the widespread deployment of Juniper SRX devices in Europe, the potential scale of impact is considerable, especially if attackers target multiple devices simultaneously or leverage this vulnerability as part of a larger attack campaign.

European organizations should immediately identify all Juniper SRX Series devices running affected Junos OS versions and prioritize patching to the fixed releases listed by Juniper Networks. Network administrators should apply the updates: 22.4R3-S8 or later, 23.2R2-S5 or later, 23.4R2-S6 or later, 24.2R2-S3 or later, 24.4R2-S2 or later, and 25.2R1-S1 or later. Until patches are applied, organizations should implement network-level mitigations such as filtering or rate-limiting GTP Modify Bearer Request messages from untrusted or external sources to reduce exposure. Monitoring network traffic for anomalous or malformed GTP messages can help detect attempted exploitation. Employing intrusion detection/prevention systems (IDS/IPS) with updated signatures targeting this vulnerability is recommended. Additionally, segmenting critical network infrastructure and restricting access to management interfaces can limit the attack surface. Regularly reviewing and updating incident response plans to include scenarios involving network device DoS is also advisable.