CVE-2026-21902
Published: 25 February 2026
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2026-21902 is an Incorrect Permission Assignment for Critical Resource vulnerability (CWE-732) in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Series routers. Published on 2026-02-25, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The flaw affects Junos OS Evolved 25.4 versions prior to 25.4R1-S1-EVO and 25.4R2-EVO; it does not impact versions before 25.4R1-EVO or standard Junos OS.
An unauthenticated, network-based attacker can exploit this vulnerability by accessing the On-Box Anomaly detection framework, which is enabled by default with no configuration required and incorrectly exposed on an externally facing port instead of being limited to internal processes over the internal routing instance. Successful exploitation allows the attacker to manipulate the service and execute arbitrary code as root, resulting in complete control of the device.
Juniper's security advisory JSA107128, published at https://kb.juniper.net/JSA107128 and https://supportportal.juniper.net/JSA107128, outlines mitigation steps, including upgrading to the fixed releases 25.4R1-S1-EVO or 25.4R2-EVO. A proof-of-concept exploit script is publicly available on GitHub at https://github.com/watchtowrlabs/watchTowr-vs-JunosEvolved-CVE-2026-21902/blob/main/watchTowr-vs-JunosEvolved-CVE-2026-21902.py.
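As an added defensive example (not code from the advisory, from Juniper, or from the PoC repository), the following Python classifies a Junos version string against the affected range stated above, so an inventory or a `show version` banner can be triaged quickly; the version grammar, the "show version" banner format and the sample hostnames are assumptions.

```python
import re
from typing import NamedTuple, Optional

# Assumed grammar: <major>.<minor>R<release>[-S<service>[.<build>]][-EVO]; the "-EVO"
# suffix marks Junos OS Evolved, the only family the advisory names as affected.
_VERSION_RE = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)R(?P<release>\d+)"
    r"(?:-S(?P<service>\d+)(?:\.\d+)?)?(?P<evo>-EVO)?$"
)

class JunosVersion(NamedTuple):
    major: int
    minor: int
    release: int
    service: int    # 0 when there is no -S suffix
    evolved: bool   # True for Junos OS Evolved (-EVO)

def parse_junos_version(text: str) -> Optional[JunosVersion]:
    """Parse one Junos version string; return None when it does not fit the grammar."""
    m = _VERSION_RE.match(text.strip())
    if m is None:
        return None
    return JunosVersion(int(m["major"]), int(m["minor"]), int(m["release"]),
                        int(m["service"] or 0), m["evo"] is not None)

def assess(text: str) -> str:
    """Classify a version against the range in JSA107128:
    affected     = Junos OS Evolved 25.4R1-EVO up to, not including, 25.4R1-S1-EVO
    fixed        = 25.4R1-S1-EVO, 25.4R2-EVO and later 25.4 Evolved releases
    not_affected = standard Junos OS, or Evolved trains other than 25.4
    unknown      = string did not parse (needs a manual look; never assume safe)."""
    v = parse_junos_version(text)
    if v is None:
        return "unknown"
    if not v.evolved or (v.major, v.minor) != (25, 4):
        return "not_affected"
    if v.release == 1 and v.service < 1:
        return "affected"
    return "fixed"

# Constructed sample of a Junos OS Evolved "show version" banner (format assumed).
SAMPLE_SHOW_VERSION = """Hostname: ptx-core-1
Model: ptx10008
Junos: 25.4R1-EVO
"""

def assess_show_version(output: str) -> str:
    """Pull the 'Junos:' line out of show-version output and classify it."""
    m = re.search(r"^Junos:\s*(\S+)", output, re.MULTILINE)
    return assess(m.group(1)) if m else "unknown"

if __name__ == "__main__":
    print(assess_show_version(SAMPLE_SHOW_VERSION))  # affected
```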
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CVE-2026-21902 is an unauthenticated remote code execution vulnerability in a public-facing service (the On-Box Anomaly detection framework exposed on an external port), which directly enables exploitation of public-facing applications.