Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Junos OS Evolved PTX Series routers permission flaw (CVE-2026-21902)

Vulnerability
First reported
Last updated
Happening score
H score 16
1 unique sources, 1 articles

Summary

Hide ▲

CVE-2026-21902 is a critical root RCE in Junos OS Evolved on PTX Series routers, putting exposed devices at risk of full takeover. The flaw comes from incorrect permission assignment in the On-Box Anomaly Detection framework, which should be reachable only through an internal routing interface. Juniper says fixed builds are available for affected releases, and at publication Juniper SIRT was not aware of malicious exploitation.

Related Happenings

IBM API Connect CVE-2025-13915 mitigation guidance

Advisory/Mitigation
First: 31.12.2025 12:34 Last: 31.12.2025 12:34 Sources 1

About this happening: **IBM** told customers to upgrade **IBM API Connect** to address **CVE-2025-13915**, a **critical authentication bypass** that can let **unauthenticated attackers** reach exposed...

Open Happening

WatchGuard Fireware OS CVE-2025-9242 advisory and temporary workaround

Advisory/Mitigation
First: 21.10.2025 13:42 Last: 21.10.2025 13:42 Sources 1

About this happening: WatchGuard issued a **security advisory** for **Firebox** and **Fireware OS** deployments affected by **CVE-2025-9242**, adding a **temporary workaround** for sites that cannot up...

Open Happening

Timeline

  1. 26.02.2026 18:42 2 articles · 3mo ago

    Juniper Networks discloses CVE-2026-21902 in Junos OS Evolved

    Initial Disclosure

    Juniper Networks discloses CVE-2026-21902, a critical flaw in Junos OS Evolved on PTX Series routers caused by incorrect permission assignment in the On-Box Anomaly Detection framework, which should be reachable only by internal processes through the internal routing interface. The exposed port allows an unauthenticated attacker already on the network to reach a service that runs as root and gain remote code execution with full router takeover. Affected releases are Junos OS Evolved versions before 25.4R1-S1-EVO and 25.4R2-EVO on PTX Series routers, with fixes available in 25.4R1-S1-EVO, 25.4R2-EVO, and 26.2R1-EVO. If immediate patching is not possible, Juniper recommends firewall filters, Access Control Lists (ACLs), or disabling the service with request pfe anomalies disable, and Juniper's Security Incident Response Team (SIRT) was not aware of malicious exploitation at publication.

    Show sources
    Open in new tab