Zero Day MonitorZDM

← Back to list

9.8

CVE-2026-21902KEVEXPLOITED

juniper · junos_os_evolved

An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-b

Description

An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to execute code as root. The On-Box Anomaly detection framework should only be reachable by other internal processes over the internal routing instance, but not over an externally exposed port. With the ability to access and manipulate the service to execute code as root a remote attacker can take complete control of the device. Please note that this service is enabled by default as no specific configuration is required. This issue affects Junos OS Evolved on PTX Series: * 25.4 versions before 25.4R1-S1-EVO, 25.4R2-EVO. This issue does not affect Junos OS Evolved versions before 25.4R1-EVO. This issue does not affect Junos OS.

Affected Products

Vendor	Product	Versions
juniper	junos_os_evolved	—

References

https://kb.juniper.net/JSA107128(Mitigation, Vendor Advisory)
https://supportportal.juniper.net/JSA107128(Mitigation, Vendor Advisory)
https://github.com/watchtowrlabs/watchTowr-vs-JunosEvolved-CVE-2026-21902/blob/main/watchTowr-vs-JunosEvolved-CVE-2026-21902.py(Product)

CVSS 3.19.8 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA KEV✅ Yes

Actively exploited✅ Yes

CWECWE-732

PublishedFeb 25, 2026

Last enriched8d ago

Trending Score0

Source articles0

Independent0

Info Completeness7/14

Missing: versions, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

MEDIUMCVE-2025-30650

Junos OS: Privileged local user can gain access to a Linux-based FPC as root

Multiple vulnerabilities in Juniper Networks products including Junos OS and Apstra

HIGHCVE-2026-33797

Junos OS and Junos OS Evolved: An attacker sending a specific genuine BGP packet causes a BGP reset

HIGHCVE-2026-33790

Junos OS: SRX Series: In a NAT64 configuration, receipt of a specific, malformed ICMPv6 packet will cause the srxpfe process to crash and restart.

CRITICALCVE-2026-33784

JSI Virtual Lightweight Collector: Default password is not required to be changed which allows unauthorized high-privileged access

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Feb 25, 2026

Added to CISA KEV

Feb 25, 2026

Actively Exploited

Mar 30, 2026

Discovered by ZDM

Apr 1, 2026