=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN232
_____________________________________________________________________

DATE                : 27/02/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Junos OS Evolved on PTX Series versions prior
                      to 25.4R1-S1-EVO, 25.4R2-EVO*, 26.2R1-EVO*.

=====================================================================
https://supportportal.juniper.net/s/article/2026-02-Out-of-Cycle-Security-Bulletin-Junos-OS-Evolved-PTX-Series-A-vulnerability-allows-a-unauthenticated-network-based-attacker-to-execute-code-as-root-CVE-2026-21902
_____________________________________________________________________

2026-02 Out-of-Cycle Security Bulletin: Junos OS Evolved: PTX Series:
A vulnerability allows an unauthenticated, network-based attacker to
execute code as root (CVE-2026-21902)

Article ID
JSA107128

Created
2026-02-25

Last Updated
2026-02-25

Product Affected
This issue affects Junos OS Evolved 25.4. Affected platforms:
PTX Series.

Severity
Critical

Severity Assessment (CVSS) Score

CVSS: v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS: v4.0: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/RE:M/U:Red)


Problem

An Incorrect Permission Assignment for Critical Resource vulnerability
in the On-Box Anomaly detection framework of Juniper Networks Junos OS
Evolved on PTX Series allows an unauthenticated, network-based
attacker to execute code as root.


The On-Box Anomaly detection framework is meant to be reachable only
by other internal processes over the internal routing instance, not
over an externally exposed port. Because the service is nevertheless
exposed externally, a remote attacker who can reach it can manipulate
it to execute code as root and take complete control of the device.
Note that the service is enabled by default: no configuration is
required for the exposure to exist.

This issue affects Junos OS Evolved on PTX Series:

    25.4 versions before 25.4R1-S1-EVO, 25.4R2-EVO.

This issue does not affect Junos OS Evolved versions before
25.4R1-EVO.

This issue does not affect Junos OS.


Juniper SIRT is not aware of any malicious exploitation of this
vulnerability.

This issue was found during internal product security testing or
research.


Solution

The following software releases have been updated to resolve this
specific issue: 25.4R1-S1-EVO, 25.4R2-EVO*, 26.2R1-EVO*, and all
subsequent releases.

* Future Release

This issue is being tracked as 1914948 which is visible on the
Customer Support website.

Note: Juniper SIRT's policy is not to evaluate releases that are
beyond End of Engineering (EOE) or End of Life (EOL).


Workaround

To reduce the risk of exploitation of this issue, use access
lists or firewall filters to limit access to only trusted
networks and hosts.

Please ensure such filters only permit explicitly required
connections and block all others.

Alternatively, the service can be disabled with the operational
command 'request pfe anomalies disable'.
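As a worked illustration of the filter-based workaround above, the
following Junos configuration (an added example, not taken from the
Juniper bulletin or from CERT-Renater) builds a routing-engine
protection filter in the "explicitly permit what is required, discard
the rest" style the advisory asks for. The advisory does not state
which port the anomaly-detection service listens on, so the example
relies on a final default-discard term rather than on a port-specific
block. The prefixes, the filter and term names, and the set of
permitted protocols (SSH, NETCONF, BGP, ICMP) are assumptions for
illustration; a real deployment must add terms for every protocol the
routing engine actually needs (IGP, NTP, DNS, SNMP, AAA, etc.) before
the final term.

```junos
## Trusted management sources (placeholder RFC 5737 prefixes, not from the advisory)
set policy-options prefix-list TRUSTED-MGMT 192.0.2.0/24
set policy-options prefix-list TRUSTED-MGMT 198.51.100.10/32
## Configured BGP neighbours that must still reach the routing engine (placeholder)
set policy-options prefix-list BGP-PEERS 203.0.113.0/24

## Management: SSH and NETCONF-over-SSH only from trusted hosts
set firewall family inet filter PROTECT-RE term ssh-netconf from source-prefix-list TRUSTED-MGMT
set firewall family inet filter PROTECT-RE term ssh-netconf from protocol tcp
set firewall family inet filter PROTECT-RE term ssh-netconf from destination-port ssh
set firewall family inet filter PROTECT-RE term ssh-netconf from destination-port 830
set firewall family inet filter PROTECT-RE term ssh-netconf then accept

## Control plane: BGP sessions only with configured peers (port matches either direction)
set firewall family inet filter PROTECT-RE term bgp from source-prefix-list BGP-PEERS
set firewall family inet filter PROTECT-RE term bgp from protocol tcp
set firewall family inet filter PROTECT-RE term bgp from port bgp
set firewall family inet filter PROTECT-RE term bgp then accept

## Keep ICMP so reachability checks and path-MTU discovery keep working
set firewall family inet filter PROTECT-RE term icmp from protocol icmp
set firewall family inet filter PROTECT-RE term icmp then accept

## Anything else addressed to the routing engine is logged and dropped.
## This final term is what closes the externally exposed anomaly-detection port,
## whatever port number it uses, without having to name it.
set firewall family inet filter PROTECT-RE term deny-rest then log
set firewall family inet filter PROTECT-RE term deny-rest then syslog
set firewall family inet filter PROTECT-RE term deny-rest then discard

## Apply as an input filter on lo0: traffic to the routing engine passes this filter
set interfaces lo0 unit 0 family inet filter input PROTECT-RE
```

Commit with `commit confirmed` so that a filter that accidentally
drops a needed protocol rolls back automatically, and check
`show firewall filter PROTECT-RE` for counters on deny-rest before
making the change permanent. The example only covers family inet; an
equivalent family inet6 filter is needed if the device has IPv6
addresses. Disabling the service with the command above removes the
exposure entirely and is the simpler choice where the on-box anomaly
feature is not in use, but the filter is still worth keeping as
defence in depth for other routing-engine services.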


Severity Assessment
Information for how Juniper Networks uses CVSS can be found
at KB 16446 "Common Vulnerability Scoring System (CVSS) and
Juniper's Security Advisories."


Modification History

2026-02-25: Initial Publication

Related Information

    KB16613: Overview of the Juniper Networks SIRT Quarterly
Security Bulletin Publication Process
    KB16765: In which releases are vulnerabilities fixed?
    KB16446: Common Vulnerability Scoring System (CVSS) and
Juniper's Security Advisories
    Report a Security Vulnerability - How to Contact the
Juniper Networks Security Incident Response Team


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================