
Critical Juniper PTX router vulnerability allows root-level code execution


A critical vulnerability in Juniper Networks' PTX Series routers running Junos OS Evolved could allow an unauthenticated attacker to execute code remotely with root privileges. This issue, identified as CVE-2026-21902, stems from an incorrect permission assignment within the "On-Box Anomaly Detection" framework. The framework, intended for internal use only, is inadvertently accessible via an externally exposed port, as reported by Bleeping Computer.

The vulnerability affects specific versions of Junos OS Evolved on PTX Series routers, which are high-performance core and peering routers crucial for internet service providers, telecommunication services, and cloud network applications. Because the vulnerable service runs with root privileges and is enabled by default, a successful exploit would grant an attacker already on the network complete control of the device without needing any credentials. Juniper Networks has released patches in versions 25.4R1-S1-EVO, 25.4R2-EVO, and 26.2R1-EVO. For immediate mitigation, Juniper recommends restricting access to vulnerable endpoints via firewall filters or ACLs, or disabling the service with the command "request pfe anomalies disable".

Juniper's PTX routers are attractive targets for sophisticated attackers due to their role in high-bandwidth networks. The company's advisory comes amid a history of targeted attacks on its equipment, including custom backdoors found on EoL routers and malware campaigns targeting VPN gateways.

Source: Bleeping Computer
