Vulnerabilities Juniper Networks PTX Routers Affected by Critical Vulnerability An out-of-band security update for Junos OS Evolved patches the remote code execution vulnerability CVE-2026-21902. By Eduard Kovacs | February 27, 2026 (5:39 AM ET) Flipboard Reddit Whatsapp Whatsapp Email Juniper Networks this week released an out-of-band update for its Junos OS Evolved network operating system to patch a critical vulnerability. The vulnerability, tracked as CVE-2026-21902, affects Junos OS Evolved on PTX series high-performance routers. The issue impacts the On-Box Anomaly detection framework and it can be exploited by an unauthenticated attacker with network access to execute arbitrary code with root privileges. “The On-Box Anomaly detection framework should only be reachable by other internal processes over the internal routing instance, but not over an externally exposed port,” Juniper said in its advisory . The company added, “With the ability to access and manipulate the service to execute code as root a remote attacker can take complete control of the device. Please note that this service is enabled by default as no specific configuration is required.” The security hole has been patched with the release of versions 25.4R1-S1-EVO and 25.4R2-EVO. Junos OS Evolved versions prior to 25.4R1-EVO and Junos OS are not affected. Advertisement. Scroll to continue reading. Juniper Networks said CVE-2026-21902 was discovered internally and there is no evidence of in-the-wild exploitation. However, it’s not uncommon for threat actors to exploit vulnerabilities in Juniper products in their attacks. CISA’s KEV catalog currently includes eight flaws whose exploitation was observed in recent years. Related : Juniper Networks Patches Critical Junos Space Vulnerabilities Related : Mandiant Uncovers Custom Backdoors on End-of-Life Juniper Routers Related : Juniper Networks Patches Dozens of Junos Vulnerabilities Related : Juniper Networks Fixes High-Severity Vulnerabilities in Junos OS Written By Eduard Kovacs Eduard Kovacs (@EduardKovacs) is the managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. More from Eduard Kovacs Google Disrupts Chinese Hackers Targeting Telecoms, Governments Medical Device Maker UFP Technologies Hit by Cyberattack SecurityWeek Report: 426 Cybersecurity M&A Deals Announced in 2025 Wynn Resorts Confirms Data Breach After Hackers Remove It From Leak Site Claude’s New AI Vulnerability Scanner Sends Cybersecurity Shares Plunging VMware Aria Operations Vulnerability Could Allow Remote Code Execution Taiwan Security Firm Confirms Flaw Flagged by CISA Likely Exploited by Chinese APTs US Healthcare Diagnostic Firm Says 140,000 Affected by Data Breach Latest News Critical Flaws Exposed Gardyn Smart Gardens to Remote Hacking Apple iPhone and iPad Cleared for Classified NATO Use Four Risks Boards Cannot Treat as Background Noise Claude Code Flaws Exposed Developer Devices to Silent Hacking Gambit Security Emerges From Stealth With $61 Million in Funding Zyxel Patches Critical Vulnerability in Many Device Models US Sanctions Russian Exploit Broker Operation Zero Trend Micro Patches Critical Apex One Vulnerabilities Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Identity Under Attack: Why Every Business Must Respond Now February 11, 2026 Attendees will walk away with guidance for how to build robust identity defenses, unify them under a consistent security model, and ensure business operations move quickly without compromise. Register Virtual Event: Ransomware Resilience & Recovery 2026 Summit February 25, 2026 SecurityWeek’s 2026 Ransomware Summit will discuss a roadmap for defending the enterprise, from mitigating root causes to mastering recovery, giving security teams the critical insights needed to navigate and neutralize today’s ransomware extortion threats. Submit People on the Move BreachRx has named Young-Sae Song as Chief Marketing Officer. Titania has appointed Andrew Woodford as Chief Technology Officer. Menlo Security has named Bill Robbins as Chief Executive Officer. More People On The Move Expert Insights Four Risks Boards Cannot Treat as Background Noise The goal isn’t about preventing every attack but about keeping the business running when attacks succeed. (Steve Durbin) How to Eliminate the Technical Debt of Insecure AI-Assisted Software Development Developers must view AI as a collaborator to be closely monitored, rather than an autonomous entity to be unleashed. Without such a mindset, crippling tech debt is inevitable. (Matias Madou) Security in the Dark: Recognizing the Signs of Hidden Information Security failures don’t always start with attackers, sometimes they start with missing truth. (Joshua Goldfarb) Living off the AI: The Next Evolution of Attacker Tradecraft Living off the AI isn’t a hypothetical but a natural continuation of the tradecraft we’ve all been defending against, now mapped onto assistants, agents, and MCP. (Etay Maor) Why We Can’t Let AI Take the Wheel of Cyber Defense The fastest way to squander the promise of AI is to mistake automation for assurance, and novelty for resilience. (Steve Durbin) Flipboard Reddit Whatsapp Whatsapp Email