Null Pointer Dereference in Juniper Networks Junos OS Management Daemon
CVE-2026-21901
What is CVE-2026-21901?
A NULL Pointer Dereference vulnerability exists within the management daemon (mgd) of Juniper Networks' Junos OS. This issue allows local, high-privileged users to manipulate SSH configuration parameters, potentially leading to a server crash and subsequent Denial of Service (DoS). By continuously executing specific commands that exploit this null pointer dereference, attackers can maintain a DoS condition, disrupting service availability. The vulnerability affects multiple versions of both Junos OS and Junos OS Evolved, requiring users to update systems to mitigate potential risks. Available security advisories provide detailed remediation options.
Affected Version(s)
Junos OS 22.3 < 22.3R3-S5
Junos OS 22.4 < 22.4R3-S10
Junos OS 23.2 < 23.2R2-S7
References
CVSS V4
Timeline
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved