Critical (9.8)

Juniper RCE Vulnerability (CVE-2026-21902) [PoC]

CVE-2026-21902

An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-b...

Affected: Juniper

Overview

A critical security vulnerability has been identified in specific versions of Juniper Networks Junos OS Evolved running on PTX Series devices. This flaw allows an unauthenticated attacker on the network to execute malicious code with the highest level of system privileges (root), leading to a complete compromise of the affected device.

Vulnerability Explained Simply

The affected devices have a built-in diagnostic service called the On-Box Anomaly detection framework. This service is enabled by default and is designed to be accessed only by other internal system processes. Due to an incorrect security setting, this service is unintentionally exposed over the network. Because it lacks proper authentication, a remote attacker can send specially crafted commands to this exposed service, tricking the device into running unauthorized code with full administrative control.

Potential Impact

The impact of this vulnerability is severe. A successful exploit would grant an attacker complete control over the PTX Series device. This could allow them to:

  • Intercept, modify, or block network traffic.
  • Disrupt network operations, causing widespread outages.
  • Use the compromised device as a foothold to attack other systems within the network.
  • Permanently damage the device’s configuration or software.

Given that the vulnerable service is on by default and the attacker requires no credentials, this poses a significant risk to any exposed, affected device.

Remediation and Mitigation

The primary and most effective action is to apply the relevant software update provided by Juniper Networks.

Affected Software Versions:

  • Junos OS Evolved 25.4 versions before 25.4R1-S1-EVO
  • Junos OS Evolved 25.4R2-EVO

Recommended Action: Upgrade to a fixed version of Junos OS Evolved. For the 25.4 release train, upgrade to version 25.4R1-S1-EVO or a subsequent release.

Important Notes:

  • This issue only affects Junos OS Evolved on PTX Series.
  • It does not affect the standard Junos OS.
  • It does not affect Junos OS Evolved versions before 25.4R1-EVO.

If immediate patching is not possible, you should:

  1. Restrict Access: Ensure that management interfaces and the device itself are not unnecessarily exposed to untrusted networks, especially the internet. Use firewall rules and access control lists (ACLs) to limit inbound connections to trusted administrative sources only.
  2. Monitor for Compromise: Review device logs for any unusual or unauthorized configuration changes, unexpected outbound connections, or other signs of malicious activity.

You should obtain the official fixed software and detailed upgrade instructions directly from the Juniper Networks support portal.


Public PoC References

Unverified third-party code

These repositories are publicly listed on GitHub and have not been audited by Yazoul Security. They may contain malware, backdoors, destructive payloads, or operational security risks (telemetry, exfiltration). Treat them as hostile binaries. Inspect source before execution. Run only in isolated, disposable lab environments (offline VM, no credentials, no production data).

Authorized use only. This information is provided for defensive research, detection engineering, and patch validation. Using exploit code against systems you do not own or do not have explicit written permission to test is illegal in most jurisdictions and violates Yazoul's terms of use.

Repository: watchtowrlabs/watchTowr-vs-JunosEvolved-CVE-2026-21902 (GitHub stars: 4)

Showing 1 of 1 known references. Source: nomi-sec/PoC-in-GitHub.
