CVE-2026-21909

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions 23.2 through 23.2R2 Juniper Networks Junos OS versions 23.4 through 23.4R1-S2, 23.4R2 Juniper Networks Junos OS versions 24.1 through 24.1R2 Juniper Networks Junos OS Evolved versions 23.2 through 23.2R2-EVO Juniper Networks Junos OS Evolved versions 23.4 through 23.4R1-S2-EVO, 23.4R2-EVO Juniper Networks Junos OS Evolved versions 24.1 through 24.1R2-EVO

Description A memory leak exists in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved. An unauthenticated attacker controlling an adjacent IS-IS neighbor can trigger this issue by sending a specific update packet. Repeated processing of these packets leads to memory exhaustion, ultimately causing the rpd to crash and resulting in a Denial of Service (DoS) condition. Memory usage can be monitored using the 'show task memory detail' command. The command output includes details like TED-INFRA-COOKIE to track memory allocation.

Recommendations Update Junos OS to version 23.2R2 or later. Update Junos OS to version 23.4R1-S2 or 23.4R2 or later. Update Junos OS to version 24.1R2 or later. Update Junos OS Evolved to version 23.2R2-EVO or later. Update Junos OS Evolved to version 23.4R1-S2-EVO or 23.4R2-EVO or later. Update Junos OS Evolved to version 24.1R2-EVO or later.