watchTowr researchers have described a vulnerability CVE-2026-21902 in Juniper Junos OS Evolved affecting PTX-series devices. The flaw stems from an incorrect permission assignment for critical resource, allowing a remote attacker to execute arbitrary code on the target system. Exploitation requires network access to the vulnerable service but does not require elevated privileges.

Successful exploitation grants the attacker command execution capabilities with root privileges. The issue is limited to PTX platforms used in backbone and data center networks where Junos OS Evolved serves as the base operating environment.

📎 Article: https://labs.watchtowr.com/sometimes-you-can-just-feel-the-security-in-the-design-junos-os-evolved-cve-2026-21902-rce/

💬 Discuss

RCE in Junos OS Evolved (PTX Series)