Vulnerability-Lookup

CVE-2026-21916 (GCVE-0-2026-21916)

Vulnerability from cvelistv5 – Published: 2026-04-09 21:28 – Updated: 2026-04-10 03:56

Title

Junos OS: A low privileged user can escalate their privileges so that they can login as root

Summary

A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which will lead to a complete compromise of the system. When after a user has performed a specific 'file link ...' CLI operation, another user commits (unrelated configuration changes), the first user can login as root. This issue affects Junos OS: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S3, * 24.4 versions before 24.4R2-S2, * 25.2 versions before 25.2R2. This issue does not affect versions 25.4R1 or later.

Severity ?

7.3 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

7 (High)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/RE:M

CWE

CWE-61 - UNIX Symbolic Link (Symlink) Following

Assigner

juniper

References

URL

	Vendor	Product	Version
	Juniper Networks	Junos OS	Affected: 0 , < 23.2R2-S7 (semver) Affected: 23.4 , < 23.4R2-S6 (semver) Affected: 24.2 , < 24.2R2-S3 (semver) Affected: 24.4 , < 24.4R2-S2 (semver) Affected: 25.2 , < 25.2R2 (semver) Unaffected: 25.4R1

WID-SEC-W-2026-1022

Vulnerability from csaf_certbund - Published: 2026-04-08 22:00 - Updated: 2026-04-09 22:00

Summary

Juniper Patchday April 2026: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Juniper Apstra (ehemals bekannt als AOS) automatisiert alle Aspekte der Rechnzentrums-Netzwerkplanung, des Aufbaus, der Bereitstellung und des Betriebs. JUNOS ist das "Juniper Network Operating System", das in Juniper Appliances verwendet wird. Die Switches der QFX-Serie von Juniper sichern und automatisieren Netzwerke in Rechenzentren. Die Juniper MX-Serie ist eine Produktfamilie von Routern. SRX Series Services Gateways ist ein Next-Generation Anti-Threat Firewall von Juniper. Junos Space ist eine Software-Plattform, die eine Reihe von Applikationen für das Netzwerkmanagement beinhaltet.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Juniper Apstra, Junos OS, Junos OS Evolved und Junos Space ausnutzen, um erweiterte Berechtigungen – sogar Root-Rechte – zu erlangen, beliebigen Code auszuführen – auch mit erweiterten Berechtigungen –, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuführen oder Daten zu manipulieren.

Betroffene Betriebssysteme: - Sonstiges - UNIX

CVE-2022-24805

CVE-2025-30650

CVE-2025-59969

CVE-2026-21915

CVE-2026-21916

CVE-2026-21919

CVE-2026-33771

CVE-2026-33773

CVE-2026-33774

CVE-2026-33775

CVE-2026-33776

CVE-2026-33778

CVE-2026-33779

CVE-2026-33780

CVE-2026-33781

CVE-2026-33782

CVE-2026-33783

CVE-2026-33784

CVE-2026-33785

CVE-2026-33786

CVE-2026-33787

CVE-2026-33788

CVE-2026-33790

CVE-2026-33791

CVE-2026-33793

CVE-2026-33797

CVE-2026-21904

CVE-2025-13914

References

URL

Category

	https://wid.cert-bund.de/.well-known/csaf/white/2…	self
	https://wid.cert-bund.de/portal/wid/securityadvis…	self
	https://supportportal.juniper.net/s/global-search…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Juniper Apstra (ehemals bekannt als AOS) automatisiert alle Aspekte der Rechnzentrums-Netzwerkplanung, des Aufbaus, der Bereitstellung und des Betriebs.\r\nJUNOS ist das \"Juniper Network Operating System\", das in Juniper Appliances verwendet wird.\r\nDie Switches der QFX-Serie von Juniper sichern und automatisieren Netzwerke in Rechenzentren. \r\nDie Juniper MX-Serie ist eine Produktfamilie von Routern.\r\nSRX Series Services Gateways ist ein Next-Generation Anti-Threat Firewall von Juniper.\r\nJunos Space ist eine Software-Plattform, die eine Reihe von Applikationen f\u00fcr das Netzwerkmanagement beinhaltet.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Juniper Apstra, Junos OS, Junos OS Evolved und Junos Space ausnutzen, um erweiterte Berechtigungen \u2013 sogar Root-Rechte \u2013 zu erlangen, beliebigen Code auszuf\u00fchren \u2013 auch mit erweiterten Berechtigungen \u2013, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder Daten zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1022 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1022.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1022 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1022"
      },
      {
        "category": "external",
        "summary": "Juniper Patchday April 2026 vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/global-search/%40uri#sortCriteria=date%20descending\u0026f-sf_primarysourcename=Knowledge\u0026f-sf_articletype=Security%20Advisories\u0026numberOfResults=100"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Apstra: SSH host key validation vulnerability for managed devices (CVE-2025-13914) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Apstra-SSH-host-key-validation-vulnerability-for-managed-devices-CVE-2025-13914"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - CTP OS: Configuring password requirements does not work which permits the use of weak passwords (CVE-2026-33771) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-CTP-OS-Configuring-password-requirements-does-not-work-which-permits-the-use-of-weak-passwords-CVE-2026-33771"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - JSI Virtual Lightweight Collector: Shell escape allows privilege escalation to root (CVE-2026-21915) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-JSI-Virtual-Lightweight-Collector-Shell-escape-allows-privilege-escalation-to-root-CVE-2026-21915"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS and Junos OS Evolved: A high frequency of connecting and disconnecting netconf sessions causes management unavailability (CVE-2026-21919) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-high-frequency-of-connecting-and-disconnecting-netconf-sessions-causes-management-unavailability-CVE-2026-21919"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS and Junos OS Evolved: An attacker sending a specific genuine BGP packet causes a BGP reset (CVE-2026-33797) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-attacker-sending-a-specific-genuine-BGP-packet-causes-a-BGP-reset-CVE-2026-33797"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS and Junos OS Evolved: CVE-2022-24805 resolved in net-SNMP vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-CVE-2022-24805-resolved-in-net-SNMP"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS and Junos OS Evolved: Execution of crafted CLI commands allows for arbitrary shell injection as root (CVE-2026-33791) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Execution-of-crafted-CLI-commands-allows-for-arbitrary-shell-injection-as-root-CVE-2026-33791"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS and Junos OS Evolved: In an EVPN-MPLS scenario churn of ESI routes causes a memory leak in l2ald (CVE-2026-33780) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-an-EVPN-MPLS-scenario-churn-of-ESI-routes-causes-a-memory-leak-in-l2ald-CVE-2026-33780"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS and Junos OS Evolved: Specific low privileged CLI command exposes sensitive information (CVE-2026-33776) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Specific-low-privileged-CLI-command-exposes-sensitive-information-CVE-2026-33776"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS and Junos OS Evolved: When an unsigned Python op script configuration is present, a local low privileged user can compromise the system (CVE-2026-33793) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-an-unsigned-Python-op-script-configuration-is-present-a-local-low-privileged-user-can-compromise-the-system-CVE-2026-33793"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS Evolved: Local, authenticated attackers can gain access to FPCs (CVE-2026-33788) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-Evolved-Local-authenticated-attackers-can-gain-access-to-FPCs-CVE-2026-33788"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS Evolved: PTX Series: If SRTE tunnels provisioned via PCEP are present and specific gRPC queries are received evo-aftman crashes (CVE-2026-33783) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-Evolved-PTX-Series-If-SRTE-tunnels-provisioned-via-PCEP-are-present-and-specific-gRPC-queries-are-received-evo-aftman-crashes-CVE-2026-33783"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS Evolved: QFX5000 Series and PTX Series: An attacker sending crafted multicast packets will cause evo-aftmand / evo-pfemand to crash and restart (CVE-2025-59969) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-Evolved-QFX5000-Series-and-PTX-Series-An-attacker-sending-crafted-multicast-packets-will-cause-evo-aftmand-evo-pfemand-to-crash-and-restart-CVE-2025-59969"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS: A low privileged user can escalate their privileges so that they can login as root (CVE-2026-21916) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-A-low-privileged-user-can-escalate-their-privileges-so-that-they-can-login-as-root-CVE-2026-21916"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS: EX Series, QFX Series: If the same egress filter is configured on both an IRB and a physical interface one of those is not applied (CVE-2026-33773) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-EX-Series-QFX-Series-If-the-same-egress-filter-is-configured-on-both-an-IRB-and-a-physical-interface-one-of-those-is-not-applied-CVE-2026-33773"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS: EX Series, QFX Series: In a VXLAN scenario when specific control protocol packets are received, memory leaks and eventually no traffic is passed (CVE-2026-33781) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-EX-Series-QFX-Series-In-a-VXLAN-scenario-when-specific-control-protocol-packets-are-received-memory-leaks-and-eventually-no-traffic-is-passed-CVE-2026-33781"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS: MX Series: Firewall filters on lo0. in the default routing instance are not in effect (CVE-2026-33774) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-MX-Series-Firewall-filters-on-lo0-non-0-in-the-default-routing-instance-are-not-in-effect-CVE-2026-33774"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS: MX Series: In specific DHCPv6 scenarios jdhcpd memory increases continuously with subscriber logouts (CVE-2026-33782) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-MX-Series-In-specific-DHCPv6-scenarios-jdhcpd-memory-increases-continuously-with-subscriber-logouts-CVE-2026-33782"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS: MX Series: Mismatch between configured and received packet types causes memory leak in bbe-smgd (CVE-2026-33775) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-MX-Series-Mismatch-between-configured-and-received-packet-types-causes-memory-leak-in-bbe-smgd-CVE-2026-33775"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS: MX Series: Missing Authorization for specific \u0027request\u0027 CLI commands in a JDM/CSDS scenario (CVE-2026-33785) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-MX-Series-Missing-Authorization-for-specific-request-CLI-commands-in-a-JDM-CSDS-scenario-CVE-2026-33785"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS: Privileged local user can gain access to a Linux-based FPC as root (CVE-2025-30650) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-Privileged-local-user-can-gain-access-to-a-Linux-based-FPC-as-root-CVE-2025-30650"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS: SRX Series, MX Series: When a specifically malformed first ISAKMP packet is received kmd/iked crashes (CVE-2026-33778) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-SRX-Series-MX-Series-When-a-specifically-malformed-first-ISAKMP-packet-is-received-kmd-iked-crashes-CVE-2026-33778"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS: SRX Series: In a NAT64 configuration, receipt of a specific, malformed ICMPv6 packet will cause the srxpfe process to crash and restart. (CVE-2026-33790) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-SRX-Series-In-a-NAT64-configuration-receipt-of-a-specific-malformed-ICMPv6-packet-will-cause-the-srxpfe-process-to-crash-and-restart-CVE-2026-33790"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS: SRX Series: Insufficient certificate verification for device to SD cloud communication (CVE-2026-33779) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-SRX-Series-Insufficient-certificate-verification-for-device-to-SD-cloud-communication-CVE-2026-33779"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS: SRX1500, SRX4100, SRX4200, SRX4600: When a specific show command is executed chassisd crashes (CVE-2026-33787) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-SRX1500-SRX4100-SRX4200-SRX4600-When-a-specific-show-command-is-executed-chassisd-crashes-CVE-2026-33787"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS: SRX1600, SRX2300, SRX4300: When a specific show command is executed chassisd crashes (CVE-2026-33786) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-SRX1600-SRX2300-SRX4300-When-a-specific-show-command-is-executed-chassisd-crashes-CVE-2026-33786"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos Space: ilpFilter field on nLegacy.jsp is vulnerable to reflected cross-site script injection (CVE-2026-21904) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-Space-ilpFilter-field-on-nLegacy-jsp-is-vulnerable-to-reflected-cross-site-script-injection-CVE-2026-21904"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - vLWC: Default password is not required to be changed which allows unauthorized high-privileged access (CVE-2026-33784) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-vLWC-Default-password-is-not-required-to-be-changed-which-allows-unauthorized-high-privileged-access-CVE-2026-33784"
      }
    ],
    "source_lang": "en-US",
    "title": "Juniper Patchday April 2026: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-04-09T22:00:00.000+00:00",
      "generator": {
        "date": "2026-04-10T07:05:13.126+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-1022",
      "initial_release_date": "2026-04-08T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-04-08T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-04-09T22:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: EUVD-2026-21088, EUVD-2026-21086, EUVD-2026-21091, EUVD-2026-21090, EUVD-2026-21085, EUVD-2026-21092, EUVD-2026-21080, EUVD-2026-21082, EUVD-2026-21078, EUVD-2026-21077, EUVD-2025-209396, EUVD-2026-21095, EUVD-2026-21206, EUVD-2026-21205, EUVD-2026-21204, EUVD-2026-21203, EUVD-2026-21201, EUVD-2026-21199, EUVD-2026-21197, EUVD-2026-21196, EUVD-2026-21195, EUVD-2025-209397, EUVD-2026-21093, EUVD-2026-21207, EUVD-2026-21193, EUVD-2026-21208"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c6.1.1",
                "product": {
                  "name": "Juniper Apstra \u003c6.1.1",
                  "product_id": "T052563"
                }
              },
              {
                "category": "product_version",
                "name": "6.1.1",
                "product": {
                  "name": "Juniper Apstra 6.1.1",
                  "product_id": "T052563-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:juniper:apstra:6.1.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Apstra"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "OS",
                "product": {
                  "name": "Juniper JUNOS OS",
                  "product_id": "T052565",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:juniper:junos:os"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "OS Evolved",
                "product": {
                  "name": "Juniper JUNOS OS Evolved",
                  "product_id": "T052566",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:juniper:junos:os_evolved"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "JUNOS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c24.1R5 Patch V3",
                "product": {
                  "name": "Juniper Junos Space \u003c24.1R5 Patch V3",
                  "product_id": "T052571"
                }
              },
              {
                "category": "product_version",
                "name": "24.1R5 Patch V3",
                "product": {
                  "name": "Juniper Junos Space 24.1R5 Patch V3",
                  "product_id": "T052571-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:juniper:junos_space:24.1r5_patch_v3"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Junos Space"
          },
          {
            "category": "product_name",
            "name": "Juniper MX Series",
            "product": {
              "name": "Juniper MX Series",
              "product_id": "T052568",
              "product_identification_helper": {
                "cpe": "cpe:/h:juniper:mx:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Juniper QFX Series",
            "product": {
              "name": "Juniper QFX Series",
              "product_id": "T052567",
              "product_identification_helper": {
                "cpe": "cpe:/h:juniper:qfx:os_evolved"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Juniper SRX Series",
            "product": {
              "name": "Juniper SRX Series",
              "product_id": "T052569",
              "product_identification_helper": {
                "cpe": "cpe:/h:juniper:srx_service_gateways:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Juniper"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-24805",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2022-24805"
    },
    {
      "cve": "CVE-2025-30650",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2025-30650"
    },
    {
      "cve": "CVE-2025-59969",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2025-59969"
    },
    {
      "cve": "CVE-2026-21915",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-21915"
    },
    {
      "cve": "CVE-2026-21916",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-21916"
    },
    {
      "cve": "CVE-2026-21919",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-21919"
    },
    {
      "cve": "CVE-2026-33771",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-33771"
    },
    {
      "cve": "CVE-2026-33773",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-33773"
    },
    {
      "cve": "CVE-2026-33774",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-33774"
    },
    {
      "cve": "CVE-2026-33775",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-33775"
    },
    {
      "cve": "CVE-2026-33776",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-33776"
    },
    {
      "cve": "CVE-2026-33778",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-33778"
    },
    {
      "cve": "CVE-2026-33779",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-33779"
    },
    {
      "cve": "CVE-2026-33780",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-33780"
    },
    {
      "cve": "CVE-2026-33781",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-33781"
    },
    {
      "cve": "CVE-2026-33782",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-33782"
    },
    {
      "cve": "CVE-2026-33783",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-33783"
    },
    {
      "cve": "CVE-2026-33784",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-33784"
    },
    {
      "cve": "CVE-2026-33785",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-33785"
    },
    {
      "cve": "CVE-2026-33786",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-33786"
    },
    {
      "cve": "CVE-2026-33787",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-33787"
    },
    {
      "cve": "CVE-2026-33788",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-33788"
    },
    {
      "cve": "CVE-2026-33790",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-33790"
    },
    {
      "cve": "CVE-2026-33791",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-33791"
    },
    {
      "cve": "CVE-2026-33793",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-33793"
    },
    {
      "cve": "CVE-2026-33797",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-33797"
    },
    {
      "cve": "CVE-2026-21904",
      "product_status": {
        "known_affected": [
          "T052571"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-21904"
    },
    {
      "cve": "CVE-2025-13914",
      "product_status": {
        "known_affected": [
          "T052563"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2025-13914"
    }
  ]
}

FKIE_CVE-2026-21916

Vulnerability from fkie_nvd - Published: 2026-04-09 22:16 - Updated: 2026-04-09 22:16

Severity ?

7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	sirt@juniper.net	https://kb.juniper.net/JSA107807

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which will lead to a complete compromise of the system.\n\nWhen after a user has performed a specific \u0027file link ...\u0027 CLI operation, another user commits (unrelated configuration changes), the first user can login as root.\n\nThis issue affects Junos OS:\n  *  all versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S6,\n  *  24.2 versions before 24.2R2-S3,\n  *  24.4 versions before 24.4R2-S2,\n  *  25.2 versions before 25.2R2.\n\n\nThis issue does not affect versions 25.4R1 or later."
    }
  ],
  "id": "CVE-2026-21916",
  "lastModified": "2026-04-09T22:16:24.953",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 5.9,
        "source": "sirt@juniper.net",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "YES",
          "Recovery": "USER",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "LOCAL",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "LOW",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "LOW",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "PASSIVE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "MODERATE"
        },
        "source": "sirt@juniper.net",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-04-09T22:16:24.953",
  "references": [
    {
      "source": "sirt@juniper.net",
      "url": "https://kb.juniper.net/JSA107807"
    }
  ],
  "sourceIdentifier": "sirt@juniper.net",
  "vulnStatus": "Received",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-61"
        }
      ],
      "source": "sirt@juniper.net",
      "type": "Primary"
    }
  ]
}

CERTFR-2026-AVI-0408

Vulnerability from certfr_avis - Published: 2026-04-09 - Updated: 2026-04-09

De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Juniper Networks	N/A	Junos OS versions 24.2 antérieures à 24.2R2-S4 sur SRX Series et MX Series
Juniper Networks	N/A	Junos OS versions 24.4R2 antérieures à 24.4R2-S3
Juniper Networks	N/A	Junos OS Evolved versions 23.4-EVO antérieures à 23.4R2-S8-EVO
Juniper Networks	N/A	Junos OS versions 22.4 antérieures à 22.4R3-S9 sur SRX Series
Juniper Networks	N/A	Junos OS Evolved versions 22.4R3 antérieures à 22.4R3-S8-EVO
Juniper Networks	N/A	Junos OS Evolved versions antérieures à 21.2R3-S8-EVO sur PTX10004, PTX10008, PTX100016 avec JNP10K-LC1201 ou JNP10K-LC1202
Juniper Networks	N/A	Junos OS versions 24.4R1 antérieures à 24.4R1-S3
Juniper Networks	N/A	Junos OS Evolved versions 24.4R1-EVO antérieures à 24.4R1-S3-EVO
Juniper Networks	N/A	Junos OS versions 21.4 antérieures à 21.4R3-S12 sur SRX Series
Juniper Networks	N/A	Junos OS Evolved versions 21.4-EVO antérieures à 21.4R3-S7-EVO sur PTX10004, PTX10008, PTX100016 avec JNP10K-LC1201 ou JNP10K-LC1202
Juniper Networks	N/A	Junos OS versions 23.4 antérieures à 23.4R2-S7
Juniper Networks	N/A	Junos OS versions 24.2 antérieures à 24.2R2-S3 sur SRX Series
Juniper Networks	N/A	Junos OS versions antérieures à 23.2R2-S6 sur SRX Series et MX Series
Juniper Networks	N/A	Junos OS Evolved versions 22.3-EVO antérieures à 22.3R3-S3-EVO sur PTX10004, PTX10008, PTX100016 avec JNP10K-LC1201 ou JNP10K-LC1202
Juniper Networks	N/A	Junos OS Evolved versions 22.4R3 antérieures à 22.4R3-S9-EVO sur PTX Series
Juniper Networks	N/A	Junos OS versions 23.4 antérieures à 23.4R2-S7 sur SRX Series
Juniper Networks	N/A	Junos OS versions 25.2R2 antérieures à 25.2R2
Juniper Networks	N/A	Junos OS versions 25.2R1 antérieures à 25.2R1-S2
Juniper Networks	N/A	Junos OS versions antérieures à 23.4R2-S7 sur SRX Series et MX Series
Juniper Networks	N/A	Junos OS versions 24.2R2 antérieures à 24.2R2-S4
Juniper Networks	N/A	Junos OS versions 23.2 antérieures à 23.2R2-S6 sur SRX Series
Juniper Networks	N/A	Junos OS Evolved versions 25.2R2-EVO antérieures à 25.2R2-EVO
Juniper Networks	N/A	Junos OS Evolved versions 24.2-EVO antérieures à 24.2R2-S4-EVO
Juniper Networks	N/A	Junos OS Evolved versions 22.4-EVO antérieures à 22.4R3-S2-EVO sur PTX10004, PTX10008, PTX100016 avec JNP10K-LC1201 ou JNP10K-LC1202
Juniper Networks	N/A	Junos OS versions 21.2R3 antérieures à 21.2R3-S10 sur SRX Series
Juniper Networks	N/A	Junos OS versions 22.4 antérieures à 22.4R3-S9 sur SRX Series et MX Series
Juniper Networks	N/A	Junos OS versions 25.2 antérieures à 25.2R2 sur SRX Series et MX Series
Juniper Networks	N/A	Junos OS Evolved versions 23.2-EVO antérieures à 23.2R2-S5-EVO
Juniper Networks	N/A	Junos OS versions 23.2R2 antérieures à 23.2R2-S7
Juniper Networks	N/A	JSI vLWC versions antérieures à 3.0.94
Juniper Networks	N/A	Junos OS Evolved versions 23.2-EVO antérieures à 23.2R2-S6-EVO sur PTX Series
Juniper Networks	N/A	Junos OS Evolved versions 23.2-EVO antérieures à 23.2R2-EVO sur PTX10004, PTX10008, PTX100016 avec JNP10K-LC1201 ou JNP10K-LC1202
Juniper Networks	N/A	Junos OS versions 22.2 antérieures à 22.2R3-S8 sur SRX Series
Juniper Networks	N/A	Junos OS versions 22.4R3 antérieures à 22.4R3-S9
Juniper Networks	N/A	Junos OS Evolved versions 25.2R1-EVO antérieures à 25.2R1-S2-EVO
Juniper Networks	N/A	Junos OS Evolved versions 24.4R2-EVO antérieures à 24.4R2-S3-EVO
Juniper Networks	N/A	Junos OS Evolved versions 22.2-EVO antérieures à 22.2R3-S4-EVO sur PTX10004, PTX10008, PTX100016 avec JNP10K-LC1201 ou JNP10K-LC1202

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper Networks JSA107868	2026-04-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA107864	2026-04-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA107863	2026-04-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA107823	2026-04-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA107822	2026-04-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA107872	2026-04-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA107869	2026-04-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA107821	2026-04-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA107865	2026-04-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA107810	2026-04-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA107871	2026-04-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA107820	2026-04-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA107815	2026-04-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA106019	2026-04-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA107850	2026-04-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA107866	2026-04-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA107873	2026-04-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA107874	2026-04-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA107875	2026-04-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA107807	2026-04-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA107806	2026-04-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA106016	2026-04-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA107819	2026-04-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA107862	2026-04-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA107870	2026-04-08	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Junos OS versions 24.2 ant\u00e9rieures \u00e0 24.2R2-S4 sur SRX Series et MX Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 24.4R2 ant\u00e9rieures \u00e0 24.4R2-S3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R2-S8-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 22.4 ant\u00e9rieures \u00e0 22.4R3-S9 sur SRX Series ",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 22.4R3 ant\u00e9rieures \u00e0 22.4R3-S8-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 21.2R3-S8-EVO sur PTX10004, PTX10008, PTX100016 avec JNP10K-LC1201 ou JNP10K-LC1202",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 24.4R1 ant\u00e9rieures \u00e0 24.4R1-S3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 24.4R1-EVO ant\u00e9rieures \u00e0 24.4R1-S3-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S12 sur SRX Series ",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 21.4-EVO ant\u00e9rieures \u00e0 21.4R3-S7-EVO sur PTX10004, PTX10008, PTX100016 avec JNP10K-LC1201 ou JNP10K-LC1202",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 23.4 ant\u00e9rieures \u00e0 23.4R2-S7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 24.2 ant\u00e9rieures \u00e0 24.2R2-S3 sur SRX Series ",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 23.2R2-S6 sur SRX Series et MX Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 22.3-EVO ant\u00e9rieures \u00e0 22.3R3-S3-EVO sur PTX10004, PTX10008, PTX100016 avec JNP10K-LC1201 ou JNP10K-LC1202",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 22.4R3 ant\u00e9rieures \u00e0 22.4R3-S9-EVO sur PTX Series ",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 23.4 ant\u00e9rieures \u00e0 23.4R2-S7 sur SRX Series ",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 25.2R2 ant\u00e9rieures \u00e0 25.2R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 25.2R1 ant\u00e9rieures \u00e0 25.2R1-S2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 23.4R2-S7 sur SRX Series et MX Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 24.2R2 ant\u00e9rieures \u00e0 24.2R2-S4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 23.2 ant\u00e9rieures \u00e0 23.2R2-S6 sur SRX Series ",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 25.2R2-EVO ant\u00e9rieures \u00e0 25.2R2-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 24.2-EVO ant\u00e9rieures \u00e0 24.2R2-S4-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 22.4-EVO ant\u00e9rieures \u00e0 22.4R3-S2-EVO sur PTX10004, PTX10008, PTX100016 avec JNP10K-LC1201 ou JNP10K-LC1202",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 21.2R3 ant\u00e9rieures \u00e0 21.2R3-S10 sur SRX Series ",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS  versions 22.4 ant\u00e9rieures \u00e0 22.4R3-S9 sur SRX Series et MX Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 25.2 ant\u00e9rieures \u00e0 25.2R2 sur SRX Series et MX Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R2-S5-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 23.2R2 ant\u00e9rieures \u00e0 23.2R2-S7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": " JSI vLWC versions ant\u00e9rieures \u00e0 3.0.94",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R2-S6-EVO sur PTX Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R2-EVO sur PTX10004, PTX10008, PTX100016 avec JNP10K-LC1201 ou JNP10K-LC1202",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S8 sur SRX Series ",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 22.4R3 ant\u00e9rieures \u00e0 22.4R3-S9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 25.2R1-EVO ant\u00e9rieures \u00e0 25.2R1-S2-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 24.4R2-EVO ant\u00e9rieures \u00e0 24.4R2-S3-EVO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 22.2-EVO ant\u00e9rieures \u00e0 22.2R3-S4-EVO sur PTX10004, PTX10008, PTX100016 avec JNP10K-LC1201 ou JNP10K-LC1202",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-33773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33773"
    },
    {
      "name": "CVE-2026-33785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33785"
    },
    {
      "name": "CVE-2026-33780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33780"
    },
    {
      "name": "CVE-2022-24805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24805"
    },
    {
      "name": "CVE-2026-21919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21919"
    },
    {
      "name": "CVE-2026-33771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33771"
    },
    {
      "name": "CVE-2025-30650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30650"
    },
    {
      "name": "CVE-2026-33797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33797"
    },
    {
      "name": "CVE-2026-33779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33779"
    },
    {
      "name": "CVE-2025-13914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13914"
    },
    {
      "name": "CVE-2026-33784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33784"
    },
    {
      "name": "CVE-2026-33786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33786"
    },
    {
      "name": "CVE-2026-33776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33776"
    },
    {
      "name": "CVE-2026-21916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21916"
    },
    {
      "name": "CVE-2026-33781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33781"
    },
    {
      "name": "CVE-2026-33787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33787"
    },
    {
      "name": "CVE-2026-33778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33778"
    },
    {
      "name": "CVE-2026-33791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33791"
    },
    {
      "name": "CVE-2026-33790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33790"
    },
    {
      "name": "CVE-2026-33783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33783"
    },
    {
      "name": "CVE-2026-33774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33774"
    },
    {
      "name": "CVE-2026-33775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33775"
    },
    {
      "name": "CVE-2026-33788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33788"
    },
    {
      "name": "CVE-2026-33782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33782"
    },
    {
      "name": "CVE-2026-21915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21915"
    }
  ],
  "initial_release_date": "2026-04-09T00:00:00",
  "last_revision_date": "2026-04-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0408",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-04-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
  "vendor_advisories": [
    {
      "published_at": "2026-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107868",
      "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-SRX-Series-MX-Series-When-a-specifically-malformed-first-ISAKMP-packet-is-received-kmd-iked-crashes-CVE-2026-33778"
    },
    {
      "published_at": "2026-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107864",
      "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-CTP-OS-Configuring-password-requirements-does-not-work-which-permits-the-use-of-weak-passwords-CVE-2026-33771"
    },
    {
      "published_at": "2026-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107863",
      "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-Privileged-local-user-can-gain-access-to-a-Linux-based-FPC-as-root-CVE-2025-30650"
    },
    {
      "published_at": "2026-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107823",
      "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-SRX-Series-Insufficient-certificate-verification-for-device-to-SD-cloud-communication-CVE-2026-33779"
    },
    {
      "published_at": "2026-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107822",
      "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-CVE-2022-24805-resolved-in-net-SNMP"
    },
    {
      "published_at": "2026-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107872",
      "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-MX-Series-Missing-Authorization-for-specific-request-CLI-commands-in-a-JDM-CSDS-scenario-CVE-2026-33785"
    },
    {
      "published_at": "2026-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107869",
      "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-EX-Series-QFX-Series-In-a-VXLAN-scenario-when-specific-control-protocol-packets-are-received-memory-leaks-and-eventually-no-traffic-is-passed-CVE-2026-33781"
    },
    {
      "published_at": "2026-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107821",
      "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-MX-Series-Mismatch-between-configured-and-received-packet-types-causes-memory-leak-in-bbe-smgd-CVE-2026-33775"
    },
    {
      "published_at": "2026-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107865",
      "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-MX-Series-Firewall-filters-on-lo0-non-0-in-the-default-routing-instance-are-not-in-effect-CVE-2026-33774"
    },
    {
      "published_at": "2026-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107810",
      "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-SRX1600-SRX2300-SRX4300-When-a-specific-show-command-is-executed-chassisd-crashes-CVE-2026-33786"
    },
    {
      "published_at": "2026-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107871",
      "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-vLWC-Default-password-is-not-required-to-be-changed-which-allows-unauthorized-high-privileged-access-CVE-2026-33784"
    },
    {
      "published_at": "2026-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107820",
      "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-MX-Series-In-specific-DHCPv6-scenarios-jdhcpd-memory-increases-continuously-with-subscriber-logouts-CVE-2026-33782"
    },
    {
      "published_at": "2026-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107815",
      "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-EX-Series-QFX-Series-If-the-same-egress-filter-is-configured-on-both-an-IRB-and-a-physical-interface-one-of-those-is-not-applied-CVE-2026-33773"
    },
    {
      "published_at": "2026-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA106019",
      "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-high-frequency-of-connecting-and-disconnecting-netconf-sessions-causes-management-unavailability-CVE-2026-21919"
    },
    {
      "published_at": "2026-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107850",
      "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-attacker-sending-a-specific-genuine-BGP-packet-causes-a-BGP-reset-CVE-2026-33797"
    },
    {
      "published_at": "2026-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107866",
      "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Specific-low-privileged-CLI-command-exposes-sensitive-information-CVE-2026-33776"
    },
    {
      "published_at": "2026-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107873",
      "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-SRX1500-SRX4100-SRX4200-SRX4600-When-a-specific-show-command-is-executed-chassisd-crashes-CVE-2026-33787"
    },
    {
      "published_at": "2026-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107874",
      "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-SRX-Series-In-a-NAT64-configuration-receipt-of-a-specific-malformed-ICMPv6-packet-will-cause-the-srxpfe-process-to-crash-and-restart-CVE-2026-33790"
    },
    {
      "published_at": "2026-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107875",
      "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Execution-of-crafted-CLI-commands-allows-for-arbitrary-shell-injection-as-root-CVE-2026-33791"
    },
    {
      "published_at": "2026-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107807",
      "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-A-low-privileged-user-can-escalate-their-privileges-so-that-they-can-login-as-root-CVE-2026-21916"
    },
    {
      "published_at": "2026-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107806",
      "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-Evolved-Local-authenticated-attackers-can-gain-access-to-FPCs-CVE-2026-33788"
    },
    {
      "published_at": "2026-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA106016",
      "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-JSI-Virtual-Lightweight-Collector-Shell-escape-allows-privilege-escalation-to-root-CVE-2026-21915"
    },
    {
      "published_at": "2026-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107819",
      "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-an-EVPN-MPLS-scenario-churn-of-ESI-routes-causes-a-memory-leak-in-l2ald-CVE-2026-33780"
    },
    {
      "published_at": "2026-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107862",
      "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Apstra-SSH-host-key-validation-vulnerability-for-managed-devices-CVE-2025-13914"
    },
    {
      "published_at": "2026-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107870",
      "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-Evolved-PTX-Series-If-SRTE-tunnels-provisioned-via-PCEP-are-present-and-specific-gRPC-queries-are-received-evo-aftman-crashes-CVE-2026-33783"
    }
  ]
}

GHSA-X5G9-73R3-VH5H

Vulnerability from github – Published: 2026-04-10 00:30 – Updated: 2026-04-10 00:30

Details

When after a user has performed a specific 'file link ...' CLI operation, another user commits (unrelated configuration changes), the first user can login as root.

This issue affects Junos OS: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S3, * 24.4 versions before 24.4R2-S2, * 25.2 versions before 25.2R2.

This issue does not affect versions 25.4R1 or later.

Severity ?

7.3 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

7.0 (High)


                  
                    CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/RE:M

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-21916"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-61"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-09T22:16:24Z",
    "severity": "HIGH"
  },
  "details": "A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which will lead to a complete compromise of the system.\n\nWhen after a user has performed a specific \u0027file link ...\u0027 CLI operation, another user commits (unrelated configuration changes), the first user can login as root.\n\nThis issue affects Junos OS:\n  *  all versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S6,\n  *  24.2 versions before 24.2R2-S3,\n  *  24.4 versions before 24.4R2-S2,\n  *  25.2 versions before 25.2R2.\n\n\nThis issue does not affect versions 25.4R1 or later.",
  "id": "GHSA-x5g9-73r3-vh5h",
  "modified": "2026-04-10T00:30:29Z",
  "published": "2026-04-10T00:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21916"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA107807"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-21916 (GCVE-0-2026-21916)

WID-SEC-W-2026-1022

FKIE_CVE-2026-21916

CERTFR-2026-AVI-0408

Solutions

GHSA-X5G9-73R3-VH5H

Tags

Sightings

Nomenclature