CVE-2026-21908

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions 23.2R2-S1 through 23.2R2-S4 Juniper Networks Junos OS versions 23.4R2 through 23.4R2-S5 Juniper Networks Junos OS versions 24.2 through 24.2R2-S2 Juniper Networks Junos OS versions 24.4 through 24.4R2 Juniper Networks Junos OS versions 25.2 through 25.2R1-S1 Juniper Networks Junos OS Evolved versions 23.2R2-S1 through 23.2R2-S4-EVO Juniper Networks Junos OS Evolved versions 23.4R2 through 23.4R2-S5-EVO Juniper Networks Junos OS Evolved versions 24.2 through 24.2R2-S2-EVO Juniper Networks Junos OS Evolved versions 24.4 through 24.4R2-EVO Juniper Networks Junos OS Evolved versions 25.2 through 25.2R1-S1-EVO

Description A Use After Free issue exists in the 802.1X authentication daemon (dot1xd) of Juniper Networks Junos OS and Junos OS Evolved. This issue could allow a network-adjacent attacker to cause a Denial of Service (DoS) or potentially execute arbitrary code within the context of the process running as root by flapping a port. The issue occurs during the processing of a change in authorization (CoA) when a port bounce happens, where a pointer is freed and then referenced later. Successful exploitation requires specific timing of two events. The issue affects systems with 802.1X authentication port-based network access control (PNAC) enabled.

Recommendations Update Junos OS to a version after 23.2R2-S5 Update Junos OS to a version after 23.4R2-S6 Update Junos OS to a version after 24.2R2-S3 Update Junos OS to a version after 24.4R2-S1 Update Junos OS to a version after 25.2R1-S2 or 25.2R2 Update Junos OS Evolved to a version after 23.2R2-S5-EVO Update Junos OS Evolved to a version after 23.4R2-S6-EVO Update Junos OS Evolved to a version after 24.2R2-S3-EVO Update Junos OS Evolved to a version after 24.4R2-S1-EVO Update Junos OS Evolved to a version after 25.2R1-S2-EVO or 25.2R2-EVO