CVE-2026-21916

HIGH EPSS 2.9%

Published Apr 9, 20262mo ago · Modified Jun 17, 20261w ago

7.0 CVSS 4.0

High

Published Apr 9, 2026 2mo ago

Last Modified Jun 17, 2026 1w ago

Description

A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which will lead to a complete compromise of the system. When after a user has performed a specific 'file link ...' CLI operation, another user commits (unrelated configuration changes), the first user can login as root. This issue affects Junos OS: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S3, * 24.4 versions before 24.4R2-S2, * 25.2 versions before 25.2R2. This issue does not affect versions 25.4R1 or later.

CVSS Details

Base Score

7.0

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:X

Attack Vector Local

Attack Complexity Low

Privileges Required Low

User Interaction P

Scope X

Threat Intelligence

EPSS Exploit Probability

2.9% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-61

Affected Products 39

Vendor	Product	Version	Range
juniper	junos	*	<23.2
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	24.2	any
juniper	junos	24.2	any
juniper	junos	24.2	any
juniper	junos	24.2	any
juniper	junos	24.2	any
juniper	junos	24.2	any
juniper	junos	24.2	any
juniper	junos	24.4	any
juniper	junos	24.4	any
juniper	junos	24.4	any
juniper	junos	24.4	any
juniper	junos	24.4	any
juniper	junos	24.4	any
juniper	junos	25.2	any
juniper	junos	25.2	any
juniper	junos	25.2	any
juniper	junos	25.2	any

References 1

kb.juniper.net https://kb.juniper.net/JSA107807

MitigationVendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.