PT-2026-3132 · Juniper Networks · Chassisd+4
Published: 2026-01-15 · Updated: 2026-01-15
CVE-2026-21921
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Juniper Networks Junos OS versions prior to 22.4R3-S8
Juniper Networks Junos OS versions 23.2 before 23.2R2-S5
Juniper Networks Junos OS versions 23.4 before 23.4R2
Juniper Networks Junos OS Evolved versions prior to 22.4R3-S8-EVO
Juniper Networks Junos OS Evolved versions 23.2 before 23.2R2-S5-EVO
Juniper Networks Junos OS Evolved versions 23.4 before 23.4R2-EVO
Description
A Use After Free issue exists in the chassis daemon (chassisd) of Juniper Networks Junos OS and Junos OS Evolved. A network-based attacker with low privileges can trigger a Denial-of-Service (DoS). The issue occurs when telemetry collectors frequently subscribe and unsubscribe to sensors over an extended period. This leads to telemetry-capable processes, including chassisd, rpd, and mib2d, crashing and restarting, potentially causing a complete outage until system recovery.
Recommendations
Upgrade Junos OS to version 22.4R3-S8 or later.
Upgrade Junos OS to version 23.2R2-S5 or later.
Upgrade Junos OS to version 23.4R2 or later.
Upgrade Junos OS Evolved to version 22.4R3-S8-EVO or later.
Upgrade Junos OS Evolved to version 23.2R2-S5-EVO or later.
Upgrade Junos OS Evolved to version 23.4R2-EVO or later.
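To check an inventory against the affected ranges and upgrade targets listed above, the following added example (not part of the original advisory or any Juniper tooling) parses Junos release strings and reports the fixed release for each affected host. The release-string pattern, the function names and the sample inventory are assumptions made for the example; trains the page does not list are reported as not affected.

```python
import re

# Fixed release per train, copied from the advisory: (R number, S number).
FIXED = {(22, 4): (3, 8), (23, 2): (2, 5), (23, 4): (2, 0)}
OLDEST_FIXED_TRAIN = min(FIXED)  # trains below 22.4 are "prior to 22.4R3-S8"

# Assumed release-string shape: YY.N R<n> [-S<n>] [.<build>] [-EVO]
_RELEASE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?(-EVO)?$", re.I)


def parse(version):
    """Split a release string into (train, (R, S), is_evolved)."""
    m = _RELEASE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos release string: {version!r}")
    major, minor, rel, svc, evo = m.groups()
    return (int(major), int(minor)), (int(rel), int(svc or 0)), bool(evo)


def fixed_release(version):
    """Return the release to upgrade to, or None if the page does not list
    this version as affected."""
    train, release, evo = parse(version)
    if train < OLDEST_FIXED_TRAIN:
        target = OLDEST_FIXED_TRAIN
    elif train in FIXED and release < FIXED[train]:
        target = train
    else:
        return None  # already fixed, or a train the page does not list
    rel, svc = FIXED[target]
    name = f"{target[0]}.{target[1]}R{rel}" + (f"-S{svc}" if svc else "")
    return name + ("-EVO" if evo else "")


def audit(inventory):
    """Map each affected host to the release it should be upgraded to."""
    findings = {}
    for host, version in inventory.items():
        target = fixed_release(version)
        if target:
            findings[host] = target
    return findings


# Constructed inventory (hostnames and versions are made up for the example).
SAMPLE = {"edge1": "21.4R3-S9", "edge2": "22.4R3-S8", "core1": "23.2R2-S4.3-EVO",
          "core2": "23.4R2-EVO", "lab1": "23.4R1-S2", "lab2": "24.2R1"}

if __name__ == "__main__":
    for host, target in audit(SAMPLE).items():
        print(f"{host}: {SAMPLE[host]} -> upgrade to {target} or later")
```

Release strings that do not match the assumed pattern raise `ValueError` rather than being silently treated as unaffected.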
Fix
DoS
Use After Free
Affected Products
Junos
Junos Evolved
Chassisd
Mib2D
Rpd