Juniper Networks Patches Critical PTX Series Router Vulnerability (CVE-2026-21902)
Juniper Networks has released an out-of-cycle security bulletin addressing a critical vulnerability (CVE-2026-21902) in its PTX Series routers running Junos OS Evolved. The flaw, rated 9.8 (CVSS v3.1) and 9.3 (CVSS v4.0), allows unauthenticated, remote attackers to execute arbitrary code with root privileges, enabling full device takeover.
The vulnerability stems from an incorrect permission assignment in the On-Box Anomaly Detection framework, a default-enabled service designed to monitor unusual network behavior. Due to the flaw, the framework is exposed over an externally accessible port, bypassing authentication requirements. Attackers can exploit this to gain unrestricted control, potentially intercepting traffic, altering configurations, or launching further attacks.
Affected Systems:
- Junos OS Evolved (PTX Series only)
- Versions: 25.4R1-EVO to 25.4R1-S1-EVO (before 25.4R1-S1-EVO) and 25.4R2-EVO
- Unaffected: Junos OS Evolved versions before 25.4R1-EVO and standard Junos OS
Juniper discovered the issue during internal testing, with no evidence of active exploitation reported. However, due to its severity, immediate action is recommended.
Mitigation:
- Patch: Upgrade to 25.4R1-S1-EVO, 25.4R2-EVO, 26.2R1-EVO, or later.
- Workarounds:
  - Restrict access via firewall filters/ACLs (allowing only trusted networks).
  - Disable the vulnerable service using the CLI command:
    request pfe anomalies disable
The flaw highlights risks in core network infrastructure, particularly when default services expose critical attack surfaces. Administrators are urged to prioritize updates to prevent potential compromise.
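To prioritize those updates across a fleet, the release boundaries listed above can be turned into an inventory triage check. This is an added example, not code from Juniper or the original article: it assumes 25.4 releases before 25.4R1-S1-EVO are the affected ones, flags branches the summary does not mention for manual review, and uses a constructed inventory with hypothetical function names.

```python
import re

# Junos OS Evolved release string, e.g. 25.4R1-EVO, 25.4R1-S1-EVO, 25.4R1-S1.3-EVO
_EVO = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?-EVO$", re.I)
FIRST_AFFECTED = (25, 4, 1, 0)   # 25.4R1-EVO
FIXED_25_4 = (25, 4, 1, 1)       # 25.4R1-S1-EVO
FIXED_NEXT = (26, 2, 1, 0)       # 26.2R1-EVO

def parse_evo(version):
    """Return (major, minor, R, S) for an EVO release string, else None."""
    m = _EVO.match(version.strip())
    return tuple(int(g or 0) for g in m.groups()) if m else None

def classify(model, version):
    """Triage one device against the release boundaries in the advisory."""
    if not version.strip().upper().endswith("-EVO"):
        return "not-evo"            # standard Junos OS is listed as unaffected
    parsed = parse_evo(version)
    if parsed is None:
        return "unparsed"           # EVO suffix present but format unexpected
    if not model.upper().startswith("PTX"):
        return "not-ptx"            # advisory covers PTX Series only
    if parsed < FIRST_AFFECTED:
        return "unaffected"
    if parsed[:2] == (25, 4):
        return "affected" if parsed < FIXED_25_4 else "fixed"
    if parsed >= FIXED_NEXT:
        return "fixed"
    return "check-bulletin"         # branch the advisory summary does not mention

def triage(inventory):
    """Map hostname -> status for (hostname, model, version) rows."""
    return {host: classify(model, ver) for host, model, ver in inventory}

# Constructed sample inventory (hostnames are made up for this example).
SAMPLE = [
    ("core-a", "PTX10008", "25.4R1-EVO"),
    ("core-b", "PTX10004", "25.4R1-S1.3-EVO"),
    ("core-c", "PTX10001-36MR", "24.4R2-S1-EVO"),
    ("core-d", "PTX10016", "26.2R1-EVO"),
    ("edge-a", "ACX7100", "25.4R1-EVO"),
    ("edge-b", "MX480", "23.4R2-S3"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:8} {status}")
```

Devices reported as affected are the candidates for the patch or the workarounds above; "check-bulletin" and "unparsed" rows need a manual look at the vendor bulletin.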
Source: https://gbhackers.com/juniper-networks-ptx-vulnerability/
Juniper Networks cybersecurity rating report: https://www.rankiteo.com/company/juniper-networks
"id": "JUN1772173422",
"linkid": "juniper-networks",
"type": "Vulnerability",
"date": "2/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"