Critical Juniper Networks PTX flaw allows full router takeover

A critical vulnerability in the Junos OS Evolved network operating system running on PTX Series routers from Juniper Networks could allow an unauthenticated attacker to execute code remotely with root privileges.

PTX Series routers are high-performance core and peering routers built for high throughput, low latency, and scale. They are commonly used by internet service providers, telecommunication services, and cloud network applications.

The security issue is identified as CVE-2026-21902 and is caused by incorrect permission assignment in the ‘On-Box Anomaly Detection’ framework, which should be exposed to internal processes only over the internal routing interface.

However, the flaw allows accessing the framework over an externally exposed port, Juniper Networks explains in a security advisory.

Because the service runs as root and is enabled by default, successful exploitation would allow an attacker who is already on the network to take full control of the device without authentication.

The issue impacts Junos OS Evolved versions before 25.4R1-S1-EVO and 25.4R2-EVO, on PTX Series routers. Older versions may also be impacted, but the vendor does not assess releases that have reached the end-of-engineering or end-of-life (EoL) phase.

Versions before 25.4R1-EVO, and standard (non-Evolved) Junos OS versions, are not impacted by CVE-2026-21902. Juniper Networks has delivered fixes in versions 25.4R1-S1-EVO, 25.4R2-EVO, and 26.2R1-EVO of the product.
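For fleet triage, the version ranges above can be applied to a router inventory; the following is an added example, not code from Juniper or from the original article. It assumes the inventory lists only PTX Series devices and that release strings follow the usual `YY.NRn[-Sm][.build][-EVO]` form; the function names and sample hosts are hypothetical.

```python
import re

# Junos release strings: 25.4R1-EVO, 25.4R1-S1.4-EVO, 25.4R2 (standard Junos).
_REL = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?(-EVO)?$", re.I)

def classify(version):
    """Map one release string to a triage status using the article's ranges."""
    m = _REL.match(version.strip())
    if m is None:
        return "unparsed"                 # needs a human to look at it
    major, minor, rel = int(m[1]), int(m[2]), int(m[3])
    service = int(m[4] or 0)              # no -S suffix means base release
    if m[5] is None:
        return "not-affected"             # standard (non-Evolved) Junos OS
    if (major, minor) < (25, 4):
        return "not-affected"             # before 25.4R1-EVO
    if (major, minor) == (25, 4):
        # 25.4R1-EVO up to, but not including, 25.4R1-S1-EVO is affected;
        # 25.4R1-S1-EVO and 25.4R2-EVO onward carry the fix.
        return "affected" if (rel, service) < (1, 1) else "fixed"
    if (major, minor, rel) >= (26, 2, 1):
        return "fixed"                    # 26.2R1-EVO is listed as fixed
    return "check-advisory"               # train not covered by the article

def triage(inventory):
    """Return {status: [hostnames]} for a {hostname: version} inventory."""
    result = {}
    for host, version in sorted(inventory.items()):
        result.setdefault(classify(version), []).append(host)
    return result

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "ptx-core-1": "25.4R1-EVO",
    "ptx-core-2": "25.4R1.12-EVO",
    "ptx-peer-1": "25.4R1-S1.4-EVO",
    "ptx-peer-2": "25.4R2-EVO",
    "ptx-edge-1": "24.4R2-S3-EVO",
    "ptx-lab-1": "26.1R1-EVO",
    "ptx-lab-2": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status:15} {', '.join(hosts)}")
```

Hosts reported as `affected` are the ones to upgrade or to cover with the vendor's mitigations; `check-advisory` and `unparsed` entries need a manual look against the Juniper bulletin.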

Juniper’s Security Incident Response Team (SIRT) states that it was not aware of malicious exploitation of the vulnerability at the time of publishing the security bulletin.

If immediate patching is not possible, the vendor’s recommendation is to restrict access to the vulnerable endpoints to trusted networks only, using firewall filters or Access Control Lists (ACLs). Alternatively, administrators can disable the vulnerable service entirely using:

'request pfe anomalies disable'

Juniper Networks products are often an attractive target for advanced hackers because the network equipment is used by service providers requiring high bandwidth, such as cloud data centers and large enterprises.

In March 2025, it was revealed that Chinese cyber-espionage actors had been deploying custom backdoors on EoL Junos OS MX routers to drop a set of ‘TinyShell’ backdoor variants.

In January 2025, a malware campaign dubbed ‘J-magic’ targeted Juniper VPN gateways used in the semiconductor, energy, manufacturing, and IT sectors, deploying network-sniffing malware that activated upon receiving a “magic packet.”

In December 2024, Juniper Networks Smart routers became targets of Mirai botnet campaigns, getting enlisted in distributed denial of service (DDoS) swarms.
