Lucene search
+L

CVE-2026-21902

🗓️ 25 Feb 2026 16:59:10Reported by juniperType 
cve
 cve
🔗 web.nvd.nist.gov📰️ 8 Media mentions👁 85 Views🌐 WEB

Unauthenticated attacker can run code as root via On-Box Anomaly detection on PTX Junos OS Evolved.

Related
Detection
Affected
Refs
Paths
Social
[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "PTX Series"
    ],
    "product": "Junos OS Evolved",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "25.4R1-S1-EVO, 25.4R2-EVO",
        "status": "affected",
        "version": "25.4",
        "versionType": "semver"
      },
      {
        "lessThan": "25.4R1-EVO",
        "status": "unaffected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
syntaxpath/config/command/{cmd}Unauthenticated command injection via config command endpoint by supplying crafted syntax payload.CWE-732
typepath/config/command/{cmd}Unauthenticated command injection via config command endpoint by supplying crafted syntax payload.CWE-732
parsingpath/config/command/{cmd}Unauthenticated command injection via config command endpoint by supplying crafted syntax payload.CWE-732
outputspath/config/command/{cmd}Unauthenticated command injection via config command endpoint by supplying crafted syntax payload.CWE-732
startpath/config/dag/{dag}Command crafted in a DAG mapping enabling execution through a DAG workflow.CWE-732
actionspath/config/dag/{dag}Command crafted in a DAG mapping enabling execution through a DAG workflow.CWE-732
dagpath/config/dag-instance/{inst}Triggering a DAG instance that references the injected command for execution.CWE-732
enabledpath/config/dag-instance/{inst}Triggering a DAG instance that references the injected command for execution.CWE-732
platformpath/config/dag-instance/{inst}Triggering a DAG instance that references the injected command for execution.CWE-732
schedulepath/config/dag-instance/{inst}Triggering a DAG instance that references the injected command for execution.CWE-732
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 10:19Current
5.9Medium risk
Vulners AI Score5.9
CVSS 49.3
CVSS 3.19.8
EPSS0.17709
SSVC
85