CVE-2026-57054
Gravedad CVSS v4.0:
MEDIA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
09/07/2026
Última modificación:
09/07/2026
Descripción
*** Pendiente de traducción *** A Use of Incorrectly-Resolved Name or Reference vulnerability in the URL filtering plugin of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass web filtering and access downstream resources that should be unreachable.<br />
<br />
<br />
<br />
If an MX Series device is configured with web filtering, and an attacker sends a request with a specifically formatted URL, this request will get forwarded despite the system being configured to block it. In turn, an attacker can access downstream resources that are expected to be unreachable.<br />
<br />
This issue affects Junos OS on MX Series:<br />
<br />
<br />
* all versions before 23.2R2-S7,<br />
* 23.4 versions before 23.4R2-S8,<br />
* 24.2 versions before 24.2R2-S5,<br />
* 24.4 versions before 24.4R2-S4,<br />
* 25.2 versions before 25.2R2-S1,<br />
* 25.4 versions before 25.4R1-S2, 25.4R2.
Impacto
Puntuación base 4.0
6.90
Gravedad 4.0
MEDIA
Puntuación base 3.x
5.80
Gravedad 3.x
MEDIA



