216.73.216.133

CVE-2026-21921

· Published 15/01/2026 21:16 · Modified 16/01/2026 15:55

Labels: CVE-2026-21921 2026-01-15CVE-2026-21921CWE-416[email protected]

Essential information

Published
15/01/2026 21:16
Modified
16/01/2026 15:55
Author
Creator
CVSS
7.1 HIGH (v3) 7.1 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A Use After Free vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker authenticated with low privileges to cause a Denial-of-Service (DoS). When telemetry collectors are frequently subscribing and unsubscribing to sensors continuously over a long period of time, telemetry-capable processes like chassisd, rpd or mib2d will crash and restart, which - depending on the process - can cause a complete outage until the system has recovered. This issue affects:  Junos OS:  * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S5, * 23.4 versions before 23.4R2; Junos OS Evolved: * all versions before 22.4R3-S8-EVO, * 23.2 versions before 23.2R2-S5-EVO, * 23.4 versions before 23.4R2-EVO.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
juniper / junos os cpe:2.3:o:juniper:junos_os:<22.4R3-S8:*:*:*:*:*:*:*
juniper / junos os cpe:2.3:o:juniper:junos_os:<23.2R2-S5:*:*:*:*:*:*:*
juniper / junos os cpe:2.3:o:juniper:junos_os:<23.4R2:*:*:*:*:*:*:*
juniper / junos os evolved cpe:2.3:o:juniper:junos_os_evolved:<22.4R3-S8-EVO:*:*:*:*:*:*:*
juniper / junos os evolved cpe:2.3:o:juniper:junos_os_evolved:<23.2R2-S5-EVO:*:*:*:*:*:*:*
juniper / junos os evolved cpe:2.3:o:juniper:junos_os_evolved:<23.4R2-EVO:*:*:*:*:*:*:*

References