An out-of-cycle security bulletin has been released by a major networking vendor to fix a serious flaw in its Junos OS Evolved software that specifically affects the PTX Series platforms. This vulnerability, known as CVE-2026-21902, gives an unauthenticated remote attacker full control over the compromised device by enabling them to run arbitrary code as the "root" user. The On-Box Anomaly detection framework's improper permission assignment is the source of the vulnerability.
This service is enabled by default and doesn't require any special configuration. Its purpose is to detect unusual activity on the device. The security advisory states that only other internal processes running within the internal routing instance should have access to the On-Box Anomaly detection framework.
However, the service is unintentionally exposed to external traffic on an external port as a result of this vulnerability. This vulnerability can be used by a network-based attacker to gain access to and control the service, resulting in the execution of root-level code.

Details of the Vulnerability

PTX Series devices running Junos OS Evolved version 25.4 are particularly impacted by this problem.
Neither the standard Junos OS nor previous iterations of Junos OS Evolved are affected. This vulnerability was found during internal product security testing, according to the Juniper Security Incident Response Team (SIRT). As of right now, there is no proof of malicious, active exploitation occurring in the wild. Software updates have been made available by Juniper Networks to fix this serious flaw.
To guarantee network security and stop possible exploitation, administrators using impacted PTX Series devices are strongly encouraged to update their systems right away. Versions 25.4R1-S1-EVO, 25.4R2-EVO, and 26.2R1-EVO, along with all later releases, fix the problem. Juniper has offered workarounds to reduce the risk for organizations that are unable to implement the patch right away.
To limit device access and only permit connections from trusted networks and hosts, administrators can employ firewall filters or access lists. Making sure these filters are rigorously set up to stop any unauthorized traffic is essential. As an alternative, it is possible to manually disable the susceptible On-Box Anomaly detection service.
Using the device's command-line interface, run the command "request pfe anomalies disable" to accomplish this. Upgrading to a patched release is still the suggested long-term solution, even though this lessens the immediate threat.
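To find which devices in an inventory still need the upgrade, the affected and fixed releases named above can be turned into a triage check. This is an added example, not vendor tooling: the inventory rows are constructed, and the accepted version-string layout (an optional `-S<n>` service release and `.<n>` spin before `-EVO`) is an assumption.

```python
import re

# Fixed releases named in the article: 25.4R1-S1-EVO, 25.4R2-EVO, 26.2R1-EVO and later.
# Per the article, only Junos OS Evolved 25.4 on PTX Series is affected.
# Assumed layout: <major>.<minor>R<rel>[-S<svc>][.<spin>]-EVO
VERSION_RE = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)R(?P<rel>\d+)(?:-S(?P<svc>\d+))?(?:\.\d+)?-EVO$"
)

def triage(model: str, version: str) -> str:
    """Return 'affected', 'not-affected' or 'unknown' for one inventory row."""
    if not model.upper().startswith("PTX"):
        return "not-affected"      # scope in the article is PTX Series only
    if not version.upper().endswith("-EVO"):
        return "not-affected"      # standard Junos OS is not affected
    m = VERSION_RE.match(version.upper())
    if m is None:
        return "unknown"           # unparsed string: check this device by hand
    if (int(m["major"]), int(m["minor"])) != (25, 4):
        return "not-affected"      # earlier Evolved trains and 26.2R1+ per the article
    rel, svc = int(m["rel"]), int(m["svc"] or 0)
    # Within 25.4: anything before R1-S1 is affected; R1-S1+, R2+ are fixed.
    return "affected" if (rel, svc) < (1, 1) else "not-affected"

# Constructed inventory rows (hostname, model, version); not real devices.
INVENTORY = [
    ("core-1", "PTX10008", "25.4R1-EVO"),
    ("core-2", "PTX10004", "25.4R1-S1.2-EVO"),
    ("core-3", "PTX10001-36MR", "24.4R2-EVO"),
    ("edge-1", "MX480", "25.4R1"),
    ("core-4", "PTX10008", "25.4-custom-EVO"),
]

def report(rows):
    """Map each hostname to its triage status."""
    return {host: triage(model, ver) for host, model, ver in rows}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

Rows reported as `unknown` should be reviewed manually rather than assumed safe.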