
A critical vulnerability in the Junos OS Evolved network operating system running on PTX Series routers from Juniper Networks could allow an unauthenticated attacker to execute code remotely with root privileges.
PTX Series routers are high-performance core and peering routers built for high throughput, low latency, and scale. They are commonly used by internet service providers, telecommunication services, and cloud network applications.
The security issue is identified as CVE-2026-21902 and is caused by incorrect permission assignment in the ‘On-Box Anomaly Detection’ framework, which should be exposed to internal processes only over the internal routing interface.
However, the flaw allows accessing the framework over an externally exposed port, Juniper Networks explains in a security advisory.
Because the service runs as root and is enabled by default, successful exploitation would allow an attacker who is already on the network to take full control of the device without authentication.
The issue affects Junos OS Evolved versions before 25.4R1-S1-EVO and 25.4R2-EVO on PTX Series routers. Older versions may also be impacted, but the vendor does not assess releases that have reached the end-of-engineering or end-of-life (EoL) phase.
Versions before 25.4R1-EVO and standard (non-Evolved) Junos OS versions are not impacted by CVE-2026-21902. Juniper Networks has delivered fixes in versions 25.4R1-S1-EVO, 25.4R2-EVO, and 26.2R1-EVO of the product.
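To triage a device inventory against the version ranges stated above, the following added example (not code from Juniper or from this article) classifies each device by model and release string. The optional build suffix in the pattern, the rule that every release after 25.4R1-S1-EVO carries the fix, and the inventory itself are assumptions made for the illustration.

```python
import re

# <major>.<minor>R<release>[.<build>][-S<service>[.<build>]][-EVO]
# The optional ".<build>" suffix is an assumption about how devices report versions.
_VERSION = re.compile(
    r"^(\d+)\.(\d+)R(\d+)(?:\.\d+)?(?:-S(\d+)(?:\.\d+)?)?(-EVO)?$", re.IGNORECASE)

FIRST_AFFECTED = (25, 4, 1, 0)  # 25.4R1-EVO
FIRST_FIXED = (25, 4, 1, 1)     # 25.4R1-S1-EVO

def parse_release(version):
    """Return ((major, minor, release, service), is_evolved) or None if unparseable."""
    m = _VERSION.match(version.strip())
    if m is None:
        return None
    major, minor, release, service, evo = m.groups()
    return (int(major), int(minor), int(release), int(service or 0)), evo is not None

def triage(model, version):
    """Classify one device against the ranges stated in the article."""
    if not model.upper().startswith("PTX"):
        return "not-applicable"   # only PTX Series routers are listed
    parsed = parse_release(version)
    if parsed is None:
        return "review-manually"  # never guess on a string we cannot parse
    key, is_evolved = parsed
    if not is_evolved:
        return "not-affected"     # standard (non-Evolved) Junos OS
    if key < FIRST_AFFECTED:
        return "not-affected"     # before 25.4R1-EVO
    if key < FIRST_FIXED:
        return "affected"         # 25.4R1-EVO without the S1 service release
    return "fixed"                # assumption: later releases all carry the fix

# Constructed inventory: hostnames, models and versions are made up for the example.
INVENTORY = [
    ("core1", "PTX10008", "25.4R1-EVO"),
    ("core2", "PTX10008", "25.4R1-S1-EVO"),
    ("peer1", "PTX10001-36MR", "24.4R2-EVO"),
    ("edge1", "MX960", "23.4R2-S3"),
    ("lab1", "PTX10008", "unknown"),
]

def report(inventory):
    return {host: triage(model, version) for host, model, version in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:8} {status}")
```

Devices reported as "review-manually", and any release that has reached end-of-engineering or EoL, need a manual check because the vendor does not assess those releases.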
Juniper’s Security Incident Response Team (SIRT) states that it was not aware of malicious exploitation of the vulnerability at the time of publishing the security bulletin.
If immediate patching is not possible, the vendor’s recommendation is to restrict access to the vulnerable endpoints to trusted networks only, using firewall filters or Access Control Lists (ACLs). Alternatively, administrators may disable the vulnerable service entirely using:
'request pfe anomalies disable'
Juniper Networks products are often an attractive target for advanced hackers because the network equipment is used by service providers requiring high bandwidth, such as cloud data centers and large enterprises.
In March 2025, it was revealed that Chinese cyber-espionage actors had been deploying custom backdoors on EoL Junos OS MX routers to drop a set of ‘TinyShell’ backdoor variants.
In January 2025, a malware campaign dubbed ‘J-magic’ targeted Juniper VPN gateways used in the semiconductor, energy, manufacturing, and IT sectors, deploying network-sniffing malware that activated upon receiving a “magic packet.”
In December 2024, Juniper Networks Smart routers became targets of Mirai botnet campaigns, getting enlisted in distributed denial of service (DDoS) swarms.

