CVE-2026-21902 – Juniper Networks Junos OS Evolved PTX Series Remote Code Execution
“Attackers could take full control of PTX routers without logging in.”
CVE-2026-21902 is a critical vulnerability with a CVSS v3.1 score of 9.8 affecting Juniper Networks Junos OS Evolved on PTX Series routers. The issue is caused by incorrect permission assignment within the On-Box Anomaly Detection framework. Although intended for internal communication, the service is enabled by default and listens on a network port, making it reachable from external sources in certain deployments.
An unauthenticated network-based attacker can send crafted requests to the exposed service and execute arbitrary code with root privileges. Successful exploitation gives full control of the device, creating serious risk for service providers and enterprises that rely on PTX routers for backbone and high-capacity routing. There are no confirmed reports of active exploitation at this time, but the remote, unauthenticated nature of the issue makes it high priority.
Juniper has released fixes in Junos OS Evolved 25.4R1-S1-EVO, 25.4R2-EVO, and later versions. Systems running vulnerable builds should be updated immediately.
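As an added example (not Juniper's tooling and not code from this advisory), the following Python sketch triages an inventory of Junos OS Evolved version strings against the fixed releases named above. The version-string shape, the status labels, and the sample host names and versions are assumptions constructed for illustration; trains other than 25.4 are flagged for manual review because this page does not list the affected ranges.

```python
import re

# First fixed release named on the page: 25.4R1-S1-EVO (25.4R2-EVO and later are also fixed).
FIRST_FIXED = (25, 4, 1, 1)  # (major, minor, R number, S number)

# Assumed version shape: <major>.<minor>R<n>[-S<n>][.<build>]-EVO
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?-EVO$")


def parse_evo_version(text):
    """Return (major, minor, R, S) for a Junos OS Evolved version, else None."""
    match = _VERSION.match(text.strip())
    if not match:
        return None
    major, minor, rel, svc = match.groups()
    # A release without a service suffix sorts before its -S1 build.
    return (int(major), int(minor), int(rel), int(svc or 0))


def triage(version_text):
    """Classify one version string against the fixed releases on this page."""
    version = parse_evo_version(version_text)
    if version is None:
        return "unparsed"        # not an -EVO string, or an unexpected format
    if version >= FIRST_FIXED:
        return "fixed"           # 25.4R1-S1-EVO, 25.4R2-EVO, or later
    if version[:2] == FIRST_FIXED[:2]:
        return "update"          # 25.4 build older than the first fixed release
    return "check-advisory"      # older train: affected range not stated here


def triage_inventory(inventory):
    """Map each host to its triage status."""
    return {host: triage(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "ptx-core-1": "25.4R1-EVO",
    "ptx-core-2": "25.4R1-S1.3-EVO",
    "ptx-edge-1": "25.4R2-EVO",
    "ptx-edge-2": "25.2R2-EVO",
}

if __name__ == "__main__":
    for host, status in sorted(triage_inventory(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as "check-advisory" or "unparsed" need to be compared against the vendor advisory by hand.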
Key Details
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- CWE Classification: CWE-732