# CVE-2026-21902

> Critical pre-authentication remote code execution vulnerability in Juniper Networks PTX Series routers running Junos OS Evolved. The On-Box Anomaly Detection Framework's Python REST API binds to all interfaces (0.0.0.0:8160/TCP) instead of localhost, allowing unauthenticated attackers to execute arbitrary commands as root via crafted DAG workflow definitions.

- **CVSS:** 9.8 (CRITICAL)
- **EPSS:** 0.1%
- **CWE:** CWE-276, CWE-732

Canonical: https://intel.threadlinqs.com/cve/CVE-2026-21902
Full threat coverage + IOCs via the Threadlinqs MCP server (Purple tier): https://intel.threadlinqs.com/mcp