CVE-2026-21918: CWE-415 Double Free in Juniper Networks Junos OS
CVE-2026-21918 is a high-severity double free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS running on SRX and MX Series devices. An unauthenticated attacker can trigger this flaw remotely by sending a specific sequence of TCP packets during session establishment, causing flowd to crash and the Flexible PIC Concentrator (FPC) to restart, resulting in a denial-of-service (DoS). This vulnerability affects multiple Junos OS versions prior to 22.4R3-S7, 23.2R2-S3, 23.4R2-S4, and 24.2R2. Exploitation requires no authentication or user interaction and impacts availability without compromising confidentiality or integrity. No known exploits are currently reported in the wild. European organizations using Juniper SRX or MX Series devices should prioritize patching to prevent potential service disruptions, especially in critical network infrastructure.
AI Analysis
Technical Summary
CVE-2026-21918 is a double free vulnerability classified under CWE-415 found in the flow processing daemon (flowd) component of Juniper Networks Junos OS, specifically on SRX and MX Series platforms. The flaw occurs during TCP session establishment when a crafted sequence of packets triggers a double free condition in flowd's memory management. This leads to a crash of the flowd process and subsequently causes the Flexible PIC Concentrator (FPC) to restart, resulting in a denial-of-service condition. The vulnerability affects all Junos OS versions before 22.4R3-S7, 23.2 versions before 23.2R2-S3, 23.4 versions before 23.4R2-S4, and 24.2 versions before 24.2R2. The attack vector is network-based and requires no authentication or user interaction, making it relatively easy to exploit remotely. The CVSS v3.1 score is 7.5 (high), reflecting the ease of exploitation and the impact on availability, though confidentiality and integrity remain unaffected. No public exploits have been reported yet, but the potential for disruption in critical network infrastructure is significant. Juniper has not yet provided patch links, indicating that affected organizations should monitor vendor advisories closely for updates.
Potential Impact
For European organizations, this vulnerability poses a significant risk to network availability, particularly for those relying on Juniper SRX and MX Series devices for firewalling, routing, and security gateway functions. A successful exploit could cause flowd crashes and FPC restarts, leading to temporary loss of network traffic processing and potential service outages. This can disrupt business operations, especially in sectors such as telecommunications, finance, government, and critical infrastructure where Juniper devices are commonly deployed. The lack of confidentiality or integrity impact limits data breach concerns, but the denial-of-service effect can degrade network reliability and availability, potentially affecting compliance with regulatory requirements like NIS2. The unauthenticated, remote nature of the exploit increases the threat surface, making perimeter defenses critical. Organizations with large-scale or geographically distributed Juniper deployments may experience cascading effects if multiple devices are targeted simultaneously.
Mitigation Recommendations
Organizations should immediately inventory their Juniper SRX and MX Series devices to identify affected Junos OS versions. Until patches are released and applied, network administrators should implement strict ingress filtering and firewall rules to limit exposure to untrusted networks, especially blocking suspicious TCP session establishment packets that could trigger the vulnerability. Deploying network intrusion detection/prevention systems (IDS/IPS) with signatures tuned to detect anomalous TCP sequences targeting flowd may help mitigate exploitation attempts. Monitoring device logs for flowd crashes and FPC restarts can provide early warning of exploitation attempts. Network segmentation and redundancy can reduce the impact of potential DoS events. Once Juniper releases patches, organizations must prioritize timely updates to affected devices. Additionally, maintaining up-to-date backups and incident response plans tailored to network device outages will improve resilience.
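For the inventory step, the version ranges quoted in the Technical Summary can be turned into a triage check; the following is an added example, not vendor or page-author code. It assumes the inventory is already limited to SRX and MX Series devices, that only standard "R" release strings are compared (ordered by R number, then S number), and the function names and sample hostnames are hypothetical.

```python
import re

# Fixed releases as listed in this advisory: train -> (R number, S number).
FIXED = {(22, 4): (3, 7), (23, 2): (2, 3), (23, 4): (2, 4), (24, 2): (2, 0)}
OLDEST_LISTED = min(FIXED)  # the advisory counts every release before 22.4R3-S7

# Standard "R" releases only, e.g. 22.4R3-S6.2 (the trailing spin number is ignored).
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")


def classify(version: str) -> str:
    """Return 'affected', 'fixed' or 'unknown' for a Junos OS version string."""
    m = _VERSION.match(version.strip())
    if not m:
        return "unknown"  # special or non-R builds: check the vendor advisory by hand
    major, minor, rel, svc = (int(g) if g else 0 for g in m.groups())
    train = (major, minor)
    if train < OLDEST_LISTED:
        return "affected"  # older than the 22.4 train
    if train not in FIXED:
        return "unknown"  # train not named in the advisory text
    # Assumption: within a train, releases order by (R, S); no -S means S = 0.
    return "affected" if (rel, svc) < FIXED[train] else "fixed"


def triage(inventory: dict) -> dict:
    """Map hostname -> classification for a {hostname: version} inventory."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "srx-edge-01": "22.4R3-S6.2",
    "srx-edge-02": "22.4R3-S7",
    "mx-core-01": "21.4R3-S9",
    "mx-core-02": "24.2R1-S2",
    "mx-core-03": "23.1R1",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host:12} {SAMPLE[host]:14} {status}")
```

Devices reported as `unknown` run a train or build type the advisory text does not name and need a manual check against the vendor bulletin.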
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden, Belgium, Switzerland
Technical Details
- Data Version: 5.2
- Assigner Short Name: juniper
- Date Reserved: 2026-01-05T17:32:48.711Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 696951f81ab3796b10539cf9
Added to database: 1/15/2026, 8:45:44 PM
Last enriched: 1/22/2026, 9:35:30 PM
Last updated: 2/7/2026, 6:39:21 AM