A critical vulnerability in Juniper Networks Junos OS Evolved, identified as CVE-2026-21902, is being actively exploited in the wild, posing a significant risk to PTX Series routers. This flaw, which has a CVSS score of 9.8, allows unauthenticated, network-based attackers to execute code as root due to incorrect permission assignments in the On-Box Anomaly detection framework.
The vulnerability, published on February 25, 2026, has already seen exploitation within 16 days of its disclosure, highlighting the urgency for organizations to address this security gap. The flaw's exploitation potential is underscored by the availability of a proof-of-concept exploit, which further increases the risk of full device takeover by malicious actors.
The Junos OS Evolved's On-Box Anomaly detection framework, intended to monitor and mitigate network anomalies, inadvertently grants excessive permissions, enabling attackers to gain root access. This access could allow them to manipulate network traffic, exfiltrate sensitive data, or disrupt network operations entirely.
Given the critical nature of this vulnerability, organizations using affected Juniper Networks PTX Series routers are urged to implement mitigation steps immediately. While specific patch details were not disclosed, the SSVC rating of 'attend' indicates that immediate attention and remediation are necessary to prevent potential exploitation.
Security teams should prioritize reviewing their Junos OS Evolved deployments, ensuring that any available patches are applied promptly and that network monitoring is enhanced to detect any signs of exploitation. With the EPSS score at a low 0.001, the likelihood of exploitation might seem minimal, but the active exploitation in the wild suggests otherwise, necessitating swift action from network administrators.
CSURFACE