PT-2026-31745 · Juniper Networks · Junos

Published: 2026-04-09 · Updated: 2026-04-09 · CVE-2026-21916

CVSS v3.1: 7.3 (High)

Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Juniper Networks Junos OS versions prior to 23.2R2-S7
Juniper Networks Junos OS versions 23.4 before 23.4R2-S6
Juniper Networks Junos OS versions 24.2 before 24.2R2-S3
Juniper Networks Junos OS versions 24.4 before 24.4R2-S2
Juniper Networks Junos OS versions 25.2 before 25.2R2

Description

A UNIX Symbolic Link (Symlink) Following vulnerability exists in the Command Line Interface (CLI) of Juniper Networks Junos OS. A local, authenticated attacker with low privileges can escalate their privileges to root, potentially leading to a complete system compromise. This occurs when a user performs a 'file link' operation via the CLI, and another user subsequently commits unrelated configuration changes. The first user can then log in as root.

Recommendations

Update to Junos OS version 23.2R2-S7 or later.
Update to Junos OS version 23.4R2-S6 or later.
Update to Junos OS version 24.2R2-S3 or later.
Update to Junos OS version 24.4R2-S2 or later.
Update to Junos OS version 25.2R2 or later.
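
For fleet triage, the affected-version list above can be turned into a check over inventory data. The following is an added example, not part of the advisory or any Juniper tooling; it assumes version strings of the form `<major>.<minor>R<n>[-S<n>][.<build>]`, and the function names are hypothetical.

```python
import re

# Fixed release per train as (R, S), copied from the advisory text above.
FIXED = {
    (23, 2): (2, 7),  # 23.2R2-S7
    (23, 4): (2, 6),  # 23.4R2-S6
    (24, 2): (2, 3),  # 24.2R2-S3
    (24, 4): (2, 2),  # 24.4R2-S2
    (25, 2): (2, 0),  # 25.2R2
}
# "Versions prior to 23.2R2-S7" covers every train older than 23.2.
OLDEST_TRAIN = min(FIXED)

# Assumed version layout: 23.4R2-S6 with an optional trailing ".build" number.
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")


def parse_junos(version):
    """Return ((major, minor), (R, S)); S is 0 when no service release is given."""
    m = _VERSION.match(version.strip())
    if not m:
        # Junos OS Evolved and special builds are outside this advisory's list.
        raise ValueError("unrecognised Junos OS version: %r" % version)
    major, minor, r, s = m.groups()
    return (int(major), int(minor)), (int(r), int(s or 0))


def is_affected(version):
    """True = affected, False = at or past the fix, None = train not listed."""
    train, release = parse_junos(version)
    if train < OLDEST_TRAIN:
        return True
    fixed = FIXED.get(train)
    if fixed is None:
        return None  # the advisory does not mention this train; check manually
    return release < fixed


if __name__ == "__main__":
    # Constructed inventory entries, for illustration only.
    for host, ver in [("edge-1", "23.4R2-S5.1"), ("core-2", "24.4R2-S2"),
                      ("lab-3", "22.4R3-S8"), ("agg-4", "24.1R1")]:
        print(host, ver, is_affected(ver))
```

A `None` result means the advisory text neither lists the train as affected nor names a fix for it, so those devices need a manual check against the vendor bulletin.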

Fix

Related Identifiers: CVE-2026-21916

Affected Products: Junos