Juniper Networks has released an urgent security update to address a severe flaw in its Junos OS Evolved software impacting PTX Series routers. This vulnerability, labeled CVE-2026-21902, allows remote attackers to gain root-level access, posing a significant risk to affected systems.
Understanding the Vulnerability
The flaw arises from incorrect permission settings in the On-Box Anomaly detection framework, which is enabled by default. This feature should be restricted to internal processes only, but due to the flaw, it is exposed to external networks, allowing unauthorized access and control.
Specifically, the issue affects Junos OS Evolved version 25.4 on PTX Series devices. Earlier versions and standard Junos OS are not impacted. Discovered during internal security assessments, there are no reports of this vulnerability being exploited in real-world scenarios yet.
Mitigation and Updates
Juniper Networks has promptly issued software patches to rectify this critical issue. Administrators using affected PTX Series should upgrade without delay to secure their networks. The vulnerability is patched in versions 25.4R1-S1-EVO, 25.4R2-EVO, 26.2R1-EVO, and later releases.
For those unable to apply updates immediately, temporary mitigations include employing access lists or firewall filters to restrict device access strictly to trusted sources. Alternatively, the On-Box Anomaly detection feature can be disabled via command-line instructions.
Future Security Assurance
While disabling the feature offers temporary relief, updating to a patched version is the best long-term security strategy. Juniper’s Security Incident Response Team (SIRT) continues to monitor the situation to provide further guidance if necessary.
Stay informed about the latest in cybersecurity by following us on Google News, LinkedIn, and X. For more details or to share your stories, contact us directly.
