Juniper issues emergency patch for critical PTX router RCE


Pierluigi Paganini
February 27, 2026

Juniper released an emergency patch for Junos OS Evolved to fix CVE-2026-21902, a critical RCE flaw affecting PTX routers.

Juniper Networks issued an out-of-band security update for Junos OS Evolved to address a critical remote code execution vulnerability, tracked as CVE-2026-21902 (CVSS score of 9.3), impacting PTX routers.

The company urges customers to apply the patch promptly to protect network infrastructure from potential exploitation.

The flaw resides in the On-Box Anomaly Detection framework of Junos OS Evolved on PTX Series routers and lets an unauthenticated, network-based attacker execute code as root. The service is enabled by default and needs no configuration to be running. It is meant to be reachable only by other internal processes over the internal routing instance, but because of an incorrect permission assignment it is also reachable on an externally exposed port, so an attacker who can reach that port can manipulate the service and take full control of the device.

“An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to execute code as root.

The On-Box Anomaly detection framework should only be reachable by other internal processes over the internal routing instance, but not over an externally exposed port.” reads the advisory published by the vendor. “With the ability to access and manipulate the service to execute code as root a remote attacker can take complete control of the device. Please note that this service is enabled by default as no specific configuration is required.”

The vulnerability affects the Junos OS Evolved 25.4 release train on PTX Series: builds before 25.4R1-S1-EVO and 25.4R2-EVO are vulnerable, and those two releases carry the fix. Earlier Junos OS Evolved release trains and standard Junos OS are not affected.
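As an added example, not code from Juniper or from this article, the affected-version rules in the previous paragraph written as a small Python triage script: it parses Junos OS Evolved version strings, decides whether a given release falls in the vulnerable range, and runs that check over a constructed sample inventory so only PTX Series devices on Junos OS Evolved are flagged. The sample hostnames and platforms are made up, and treating release trains newer than 25.4 as fixed is my assumption based on the advisory naming 25.4R2-EVO as a fixed release; confirm against the vendor advisory before relying on it.

```python
import re
from dataclasses import dataclass

# Release train named as affected by the Juniper advisory for CVE-2026-21902.
# Standard Junos OS and earlier Junos OS Evolved trains are not affected.
AFFECTED_TRAIN = (25, 4)
FIXED_IN = ("25.4R1-S1-EVO", "25.4R2-EVO")

# Junos version grammar covered here: MAJOR.MINOR R<release>[.<build>][-S<service>[.<build>]][-EVO]
_VERSION_RE = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)"
    r"R(?P<release>\d+)(?:\.(?P<build>\d+))?"
    r"(?:-S(?P<service>\d+)(?:\.(?P<sbuild>\d+))?)?"
    r"(?P<evo>-EVO)?$"
)


@dataclass(frozen=True)
class JunosVersion:
    major: int
    minor: int
    release: int
    service: int      # 0 when there is no -S service-release suffix
    evolved: bool     # True for Junos OS Evolved (-EVO) images

    @property
    def train(self):
        return (self.major, self.minor)


def parse_version(text: str) -> JunosVersion:
    """Parse a Junos / Junos OS Evolved version string such as '25.4R1-S1-EVO'."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version string: {text!r}")
    return JunosVersion(
        major=int(m["major"]),
        minor=int(m["minor"]),
        release=int(m["release"]),
        service=int(m["service"] or 0),
        evolved=m["evo"] is not None,
    )


def is_vulnerable(version: str) -> bool:
    """True if the release is in the range the advisory lists as affected."""
    v = parse_version(version)
    if not v.evolved:
        return False  # standard Junos OS is not affected
    if v.train < AFFECTED_TRAIN:
        return False  # earlier Evolved release trains are not affected
    if v.train > AFFECTED_TRAIN:
        return False  # assumption: trains after 25.4 include the 25.4R2-EVO fix
    # Within 25.4-EVO, only R1 builds below service release S1 are affected;
    # 25.4R1-S1-EVO and 25.4R2-EVO (and later) are fixed.
    return v.release == 1 and v.service < 1


# Constructed sample inventory: (hostname, platform, version). Not real devices.
SAMPLE_INVENTORY = [
    ("ptx-core-1", "PTX10008", "25.4R1-EVO"),
    ("ptx-core-2", "PTX10008", "25.4R1-S1-EVO"),
    ("ptx-edge-1", "PTX10001-36MR", "24.4R2-S3-EVO"),
    ("acx-agg-1", "ACX7100-48L", "25.4R1-EVO"),
]


def triage(inventory):
    """Map hostname -> status; the advisory scopes the flaw to PTX Series only."""
    results = {}
    for host, platform, version in inventory:
        if not platform.upper().startswith("PTX"):
            results[host] = "out-of-scope (not PTX Series)"
        elif is_vulnerable(version):
            results[host] = "VULNERABLE: upgrade to " + " or ".join(FIXED_IN)
        else:
            results[host] = "not affected"
    return results


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

The parser deliberately rejects strings it does not understand rather than guessing, so an unexpected format (a special "-D" build, a typo in the inventory) surfaces as an error instead of a silent "not affected".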

Until the fixed release is installed, the vendor recommends two workarounds: restrict access to the vulnerable service with ACLs or firewall filters so that only trusted hosts can reach it, or disable the service entirely with the operational command "request pfe anomalies disable". Both are interim measures: a filter only helps if it covers every interface through which the exposed port is reachable, and disabling the service removes the anomaly detection it provides.

The company discovered the vulnerability during internal product security testing or research. Juniper SIRT is not aware of any attacks in the wild exploiting this flaw.
