Zero Day MonitorZDM

← Back to list

7.3

CVE-2026-21916PATCHED

juniper · junos os

Junos OS: A low privileged user can escalate their privileges so that they can login as root

Description

A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which will lead to a complete compromise of the system. When after a user has performed a specific 'file link ...' CLI operation, another user commits (unrelated configuration changes), the first user can login as root. This issue affects Junos OS: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S3, * 24.4 versions before 24.4R2-S2, * 25.2 versions before 25.2R2. This issue does not affect versions 25.4R1 or later.

Affected Products

Vendor	Product	Versions
juniper	junos os	0, 23.4, 24.2, 24.4, 25.2

References

https://kb.juniper.net/JSA107807(vendor-advisory)

Related News (3 articles)

Tier C

VulDB25d ago

CVE-2026-21916 | Juniper Junos OS up to 25.4R0 symlink (JSA107807)

→ No new info (linked only)

Tier B

BSI Advisories26d ago

[NEU] [hoch] Juniper Patchday April 2026: Mehrere Schwachstellen

→ No new info (linked only)

Tier B

CERT-FR27d ago

Multiples vulnérabilités dans les produits Juniper Networks (09 avril 2026)

→ No new info (linked only)

CVSS 3.17.3 HIGH

VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

Patch available

25.4R0

CWECWE-61

PublishedApr 9, 2026

Last enriched25d agov2

Trending Score3

Source articles3

Independent3

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

Multiple vulnerabilities in Juniper Secure Analytics

HIGHCVE-2026-33788

Junos OS Evolved: Local, authenticated attacker can gain privileged access to FPCs

HIGHCVE-2026-33785

Junos OS: MX Series: Missing Authorization for specific 'request' CLI commands in a JDM/CSDS scenario

MEDIUMCVE-2025-30650

Junos OS: Privileged local user can gain access to a Linux-based FPC as root

HIGHCVE-2025-13914

Apstra: SSH host key validation vulnerability for managed devices

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 9, 2026

Discovered by ZDM

Apr 9, 2026

Updated: severity, patchAvailable

Apr 10, 2026

Patch Available

Apr 13, 2026

Version History

v2

Last enriched 25d ago

v2Tier C25d ago

Updated severity to CRITICAL, corrected patch available to 25.4R0, and noted no exploit available.

severitypatchAvailable

via VulDB

v126d ago

Initial creation