PT-2026-21964 · Juniper Networks · PTX Series

Mccaulay · Published 2026-02-25 · Updated 2026-03-17

CVE-2026-21902 · CVSS v3.1 10 Critical · AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS Evolved on PTX Series, versions prior to 25.4R1-S1-EVO, 25.4R2-EVO, and 26.2R1-EVO

Description: A critical vulnerability exists in Juniper Networks Junos OS Evolved, in the On-Box Anomaly Detection framework on PTX Series devices. The flaw, CVE-2026-21902, is an incorrect permission assignment that lets an unauthenticated, network-based attacker execute arbitrary code as root. The framework is intended for access by internal processes only, but it is exposed externally through a Python REST API that listens on port 8160/TCP and runs with root privileges. Successful exploitation gives the attacker complete control over the device, which can enable traffic interception and pivoting into the network. There is currently no evidence of in-the-wild exploitation, but the potential impact is significant, particularly for core network infrastructure. The service is enabled by default.

Recommendations: Devices running versions prior to 25.4R1-S1-EVO, 25.4R2-EVO, and 26.2R1-EVO should be updated immediately. As a temporary workaround, consider disabling the anomaly detection service with the command "request pfe anomalies disable". Restrict access to port 8160/TCP with Access Control Lists (ACLs) so that only trusted networks can reach it.
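The first step in acting on this advisory is deciding which devices in an inventory still run an affected release. The script below is an added example, not code from the advisory or from Juniper; it parses Junos OS Evolved release strings (<major>.<minor>R<release>[-S<service>][.<build>]-EVO) and compares each PTX Series device against the three fixed releases named above. The fixed-release list comes from the advisory; the ordering rule (a release is fixed when it is at or above a fixed release on its own major.minor train, or on a newer train than any listed) and the sample inventory are assumptions of the example.

```python
import re
from dataclasses import dataclass

# Fixed releases named in the advisory for CVE-2026-21902 (Junos OS Evolved, PTX Series).
FIXED_RELEASES = ("25.4R1-S1-EVO", "25.4R2-EVO", "26.2R1-EVO")

# Junos Evolved release string: <major>.<minor>R<release>[.<build>][-S<service>[.<build>]]-EVO
# Build numbers (e.g. 25.4R1.9-EVO) are accepted but ignored for ordering.
_VERSION_RE = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)R(?P<release>\d+)"
    r"(?:\.(?P<build>\d+))?"
    r"(?:-S(?P<service>\d+)(?:\.(?P<sbuild>\d+))?)?"
    r"-EVO$"
)


@dataclass(frozen=True, order=True)
class JunosVersion:
    """Field order gives the comparison order: 25.4R1 < 25.4R1-S1 < 25.4R2 < 26.1R1."""
    major: int
    minor: int
    release: int
    service: int  # 0 when there is no -S suffix

    @property
    def train(self):
        return (self.major, self.minor)

    @classmethod
    def parse(cls, text):
        m = _VERSION_RE.match(text.strip())
        if not m:
            raise ValueError(f"unrecognised Junos Evolved version: {text!r}")
        return cls(int(m["major"]), int(m["minor"]), int(m["release"]), int(m["service"] or 0))


FIXED = tuple(JunosVersion.parse(v) for v in FIXED_RELEASES)
HIGHEST_FIXED_TRAIN = max(f.train for f in FIXED)


def is_fixed(version):
    """True when a PTX Series Junos OS Evolved release carries the fix.

    Assumption of this example: fixed if at or above a fixed release on the
    same major.minor train, or on a train newer than any fixed train listed.
    """
    v = JunosVersion.parse(version)
    same_train = [f for f in FIXED if f.train == v.train]
    if same_train:
        return v >= min(same_train)
    return v.train > HIGHEST_FIXED_TRAIN


def triage(inventory):
    """Return (host, version, status) for each device; only PTX Series is in scope."""
    results = []
    for dev in inventory:
        if not dev["platform"].upper().startswith("PTX"):
            results.append((dev["host"], dev["version"], "not-in-scope"))
            continue
        try:
            status = "fixed" if is_fixed(dev["version"]) else "VULNERABLE"
        except ValueError:
            status = "unparseable"
        results.append((dev["host"], dev["version"], status))
    return results


# Constructed sample inventory (hostnames and versions are made up for this example).
SAMPLE_INVENTORY = [
    {"host": "ptx-core-1", "platform": "PTX10008", "version": "25.4R1.9-EVO"},
    {"host": "ptx-core-2", "platform": "PTX10008", "version": "25.4R1-S1-EVO"},
    {"host": "ptx-edge-1", "platform": "PTX10001-36MR", "version": "26.1R1-EVO"},
    {"host": "ptx-edge-2", "platform": "PTX10001-36MR", "version": "26.2R1-EVO"},
    {"host": "mx-pe-1", "platform": "MX480", "version": "24.2R2-S1"},
]

if __name__ == "__main__":
    for host, version, status in triage(SAMPLE_INVENTORY):
        print(f"{host:12} {version:16} {status}")
```

Note that 26.1R1-EVO is reported as vulnerable even though it is numerically newer than 25.4R2-EVO: the advisory's fixed release on the 26.x line is 26.2R1-EVO, so earlier 26.x releases fall under "prior to". Devices flagged VULNERABLE are the ones where the workaround (disabling the service and filtering 8160/TCP) matters until they are upgraded.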

Tags: Exploit · Fix · RCE · Incorrect Permission

Weakness Enumeration

Related Identifiers

BDU:2026-02527
CVE-2026-21902

Affected Products

Junos Evolved
PTX Series