Threat Intelligence / CVE / CVE-2026-21902

CVE-2026-21902

CVSS 9.8 (CRITICAL) · EPSS 0.1%

Critical pre-authentication remote code execution vulnerability in Juniper Networks PTX Series routers running Junos OS Evolved. The On-Box Anomaly Detection Framework's Python REST API binds to all interfaces (0.0.0.0:8160/TCP) instead of localhost, allowing unauthenticated attackers to execute arbitrary commands as root via crafted DAG workflow definitions.

CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-276, CWE-732

Threats tracking this CVE

CVE-2026-21902: Juniper PTX Series Junos OS Evolved Unauthenticated Remote Code Execution as Root via On-Box Anomaly Detection Framework (CVSS 9.8) — CRITICAL

Full detection coverage & IOCs for threats exploiting CVE-2026-21902 are available via the Threadlinqs MCP server (Purple tier). View plans →

Markdown version · Threadlinqs Intelligence