
[CIVN-2026-0114] Remote Code Execution Vulnerability in Juniper Junos OS Evolved
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: CRITICAL
Software Affected
Junos OS Evolved on PTX Series 25.4 – versions prior to 25.4R1-S1-EVO
Junos OS Evolved on PTX Series 25.4 – versions prior to 25.4R2-EVO
Overview
A vulnerability has been reported in Juniper Junos OS, which could allow a remote attacker to achieve remote code execution (RCE) with root privileges.
Target Audience:
All organizations and users using Juniper Junos OS.
Risk Assessment:
High risk of remote code execution, unauthorized access to data, and service disruption.
Impact Assessment:
Unauthenticated remote code execution with root privileges, potentially leading to complete system compromise, unauthorized modification of routing configurations, and service disruption.
Description
Junos OS Evolved is a cloud-scale network operating system providing high availability, operational resiliency, and programmable infrastructure to support scalable and automated network deployments.
The vulnerability exists in Juniper Networks Junos OS due to an incorrect permission assignment for a critical resource, which could be exploited by a network-based attacker to execute code as root.
Successful exploitation of this vulnerability could allow an attacker to trigger a denial of service condition, remote code execution, sensitive information disclosure, and data manipulation.
Solution
Apply appropriate updates as mentioned by the vendor:
https://supportportal.juniper.net/s/article/2026-02-Out-of-Cycle-Security-Bulletin-Junos-OS-Evolved-PTX-Series-A-vulnerability-allows-a-unauthenticated-network-based-attacker-to-execute-code-as-root-CVE-2026-21902
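Added example (not part of the CERT-In advisory or the vendor bulletin): a Python check that flags inventory entries falling inside the range listed under Software Affected, so the devices that still need the update can be picked out. The release-string layout, the function names and the inventory are assumptions constructed for illustration.

```python
import re

# Assumed release-string layout: <train>R<n>[-S<n>][.<spin>]-EVO
EVO_RELEASE = re.compile(r"^(\d+\.\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?-EVO$")

ADVISORY_TRAIN = "25.4"
# Fixed points from "Software Affected": 25.4R1-S1-EVO and 25.4R2-EVO.
# As (R, S) tuples, anything below (1, 1) predates both of them.
FIRST_FIXED = (1, 1)


def classify(model: str, release: str) -> str:
    """Return 'affected', 'fixed', 'not-listed' or 'unparsed' for one device."""
    release = release.strip()
    # The advisory lists only Junos OS Evolved on PTX Series.
    if not release.endswith("-EVO") or not model.upper().startswith("PTX"):
        return "not-listed"
    m = EVO_RELEASE.match(release)
    if m is None:
        return "unparsed"  # unexpected string: review this device by hand
    train, r, s = m.group(1), int(m.group(2)), int(m.group(3) or 0)
    if train != ADVISORY_TRAIN:
        return "not-listed"  # the advisory names no other release train
    return "affected" if (r, s) < FIRST_FIXED else "fixed"


def needs_update(inventory: dict) -> list:
    """Hostnames whose release falls inside the advisory's affected range."""
    return sorted(host for host, (model, rel) in inventory.items()
                  if classify(model, rel) == "affected")


# Constructed inventory: hostnames, models and releases are sample values.
INVENTORY = {
    "core-a": ("PTX10008", "25.4R1-EVO"),
    "core-b": ("PTX10008", "25.4R1-S1-EVO"),
    "core-c": ("PTX10004", "25.4R2-EVO"),
    "core-d": ("PTX10001-36MR", "25.4R1.7-EVO"),
    "edge-a": ("PTX10003", "24.4R2-S1-EVO"),
    "edge-b": ("MX304", "24.2R1-S2.5"),
}

if __name__ == "__main__":
    for host, (model, rel) in INVENTORY.items():
        print(f"{host:8} {model:14} {rel:16} {classify(model, rel)}")
    print("needs update:", ", ".join(needs_update(INVENTORY)))
```

A result of 'not-listed' only means this advisory does not name that platform or release train; check the vendor bulletin for anything it reports as 'unparsed'.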
Vendor Information
Juniper Networks
https://supportportal.juniper.net/s/
References
https://supportportal.juniper.net/s/article/2026-02-Out-of-Cycle-Security-Bulletin-Junos-OS-Evolved-PTX-Series-A-vulnerability-allows-a-unauthenticated-network-based-attacker-to-execute-code-as-root-CVE-2026-21902
CVE Name
CVE-2026-21902
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


