Null Pointer Dereference in Juniper Networks Junos OS Management Daemon
CVE-2026-21901

6.7MEDIUM

Key Information:

Vendor
CVE Published:
9 July 2026

Badges

👾 Exploit Exists

What is CVE-2026-21901?

A NULL Pointer Dereference vulnerability exists within the management daemon (mgd) of Juniper Networks' Junos OS. This issue allows local, high-privileged users to manipulate SSH configuration parameters, potentially leading to a server crash and subsequent Denial of Service (DoS). By continuously executing specific commands that exploit this null pointer dereference, attackers can maintain a DoS condition, disrupting service availability. The vulnerability affects multiple versions of both Junos OS and Junos OS Evolved, requiring users to update systems to mitigate potential risks. Available security advisories provide detailed remediation options.

Affected Version(s)

Junos OS 22.3 < 22.3R3-S5

Junos OS 22.4 < 22.4R3-S10

Junos OS 23.2 < 23.2R2-S7

References

CVSS V4

Score:
6.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Juniper SIRT would like to acknowledge and thank Orange CERT-CC from the Orange group for responsibly reporting this vulnerability.
.