PT-2026-31744 · Juniper Networks · Juniper Networks Support Insights (Jsi) Virtual Lightweight Collector

Published

2026-04-09

Updated

2026-04-10

CVE-2026-21915

CVSS v3.1

6.7

Medium

Vector

AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) versions prior to 3.0.94

Description A permissive list of allowed input issue exists in the CLI of JSI vLWC. A local, high privileged attacker can escalate privileges to root by exploiting insufficient input validation, leading to shell command injection. Successful exploitation allows execution of shell commands with root permissions, potentially granting complete system control.

Recommendations Update to version 3.0.94 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-183

Related Identifiers

CVE-2026-21915

Affected Products

Juniper Networks Support Insights (Jsi) Virtual Lightweight Collector

PT-2026-31744 · Juniper Networks · Juniper Networks Support Insights (Jsi) Virtual Lightweight Collector

CVE-2026-21915

Weakness Enumeration

Related Identifiers

Affected Products

References · 3