A critical remote code execution vulnerability (CVE-2026-21902, CVSS 9.8) in Juniper Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to execute arbitrary code as root. The affected versions are Junos OS Evolved 25.4 versions before 25.4R1-S1-EVO and before 25.4R2-EVO. Administrators must apply the vendor-provided patches referenced in the security bulletin.
A vulnerability has been identified in Juniper Junos OS. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system. Impact Remote Code Execution System / Technologies affected Junos OS Evolved on PTX Series 25.4 versions before 25.4R1-S1-EVO Junos OS Evolved on PTX Series 25.4 versions before 25.4R2-EVO Please refer to the link below for detail: https://supportportal.juniper.net/s/article/2026-02-Out-of-Cycle-Security-Bulletin-Junos-OS-Evolved-PTX-Series-A-vulnerability-allows-a-unauthenticated-network-based-attacker-to-execute-code-as-root-CVE-2026-21902 Solutions Before installation of the software, please visit the vendor web-site for more details. https://supportportal.juniper.net/s/article/2026-02-Out-of-Cycle-Security-Bulletin-Junos-OS-Evolved-PTX-Series-A-vulnerability-allows-a-unauthenticated-network-based-attacker-to-execute-code-as-root-CVE-2026-21902