Advisory

Critical Root RCE Vulnerability Patched in Juniper PTX Series Routers

Take action: If you are running Junos OS Evolved, this is important. Either patch your PTX Series routers immediately or disable the 'On-Box Anomaly Detection' service. Depending on your configuration, also review whether the affected devices can be isolated from the public internet to limit exposure.


Learn More

Juniper Networks released an out-of-cycle security advisory to patch a critical vulnerability in Junos OS Evolved affecting PTX Series routers. Because PTX Series routers serve as high-performance core and peering infrastructure for internet service providers and cloud networks, a compromise could lead to a total takeover of critical telecommunications hardware.

The flaw is tracked as CVE-2026-21902 (CVSS score 9.8), an incorrect permission assignment vulnerability in the 'On-Box Anomaly Detection' framework. The service is designed to communicate only over internal routing interfaces but is mistakenly exposed on an external port. An attacker who can reach the framework over the network can exploit the lack of authentication to run commands as the root user, bypassing all standard security controls and gaining full control of the system.

The affected versions are Junos OS Evolved 25.4 on PTX Series platforms prior to 25.4R1-S1-EVO and 25.4R2-EVO. Juniper noted that classic (non-Evolved) Junos OS and versions earlier than 25.4R1-EVO are not impacted by this specific flaw. The vendor does not evaluate products that have reached end-of-life status.

Juniper recommends that administrators update immediately to the patched versions 25.4R1-S1-EVO, 25.4R2-EVO, or 26.2R1-EVO. If patching is not immediately possible, organizations should use firewall filters or Access Control Lists (ACLs) to restrict access to the service to trusted networks only. Alternatively, the vulnerable service can be disabled completely by running the command 'request pfe anomalies disable' on the affected devices.
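To turn the version boundaries above into a fleet check, here is an added Python triage helper (not Juniper's code) that parses Junos OS Evolved version strings and flags devices still in the affected range. It assumes an inventory of (hostname, platform, version) tuples exported from your own asset management system; the Junos version regex and the platform prefix check are simplifications.

```python
import re
from dataclasses import dataclass

# Junos OS Evolved versions look like "25.4R1-S1-EVO": major.minor, release
# R<n>, optional service release S<n>, and the "-EVO" suffix that marks
# Junos OS Evolved rather than classic Junos OS (assumed format).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(-EVO)?$")


@dataclass(frozen=True)
class JunosVersion:
    major: int
    minor: int
    release: int
    service: int      # 0 when no -S<n> component is present
    evolved: bool

    @classmethod
    def parse(cls, text: str) -> "JunosVersion":
        m = _VERSION_RE.match(text.strip())
        if not m:
            raise ValueError(f"unrecognised Junos version string: {text!r}")
        major, minor, rel, svc, evo = m.groups()
        return cls(int(major), int(minor), int(rel), int(svc or 0), evo is not None)

    def key(self):
        return (self.major, self.minor, self.release, self.service)


# Advisory facts: only Junos OS Evolved 25.4 on PTX Series is affected; the
# first fixed build in that train is 25.4R1-S1-EVO (25.4R2-EVO is also fixed).
FIRST_FIXED_25_4 = JunosVersion.parse("25.4R1-S1-EVO")


def is_vulnerable(platform: str, version: str) -> bool:
    """True when a device falls inside the CVE-2026-21902 affected set."""
    v = JunosVersion.parse(version)
    if not platform.upper().startswith("PTX"):
        return False      # only PTX Series platforms are listed as affected
    if not v.evolved:
        return False      # classic Junos OS is not impacted
    if (v.major, v.minor) != (25, 4):
        return False      # earlier trains not impacted; 26.2R1-EVO is a fixed release
    return v.key() < FIRST_FIXED_25_4.key()


def triage(inventory):
    """Return [(hostname, version)] for devices that still need patching."""
    return [(h, ver) for h, plat, ver in inventory if is_vulnerable(plat, ver)]
```

Devices listed by triage() should be patched or have 'request pfe anomalies disable' applied, and the service's exposure should be restricted by firewall filters in the meantime.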
