Use After Free Vulnerability in Juniper Networks Junos OS Authentication Daemon
CVE-2026-21908

7.5HIGH

Key Information:

Vendor

Juniper Networks
Status
Junos Os
Junos Os Evolved
Vendor
CVE Published:
15 January 2026

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2026-21908?

A Use After Free vulnerability has been identified within the 802.1X authentication daemon (dot1xd) in Juniper Networks' Junos OS and Junos OS Evolved. This vulnerability could enable an authenticated, network-adjacent attacker to cause the dot1xd process to crash through a port bounce, potentially leading to a Denial of Service (DoS) condition or unauthorized code execution in the context of the affected process. The exploit relies on a timing issue related to the processing of a change in authorization (CoA), where a pointer is freed yet referenced again later, creating an opportunity for manipulation. Systems utilizing port-based network access control (PNAC) with 802.1X authentication are particularly susceptible.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Junos OS 23.2R2-S1 < 23.2R2-S5

Junos OS 23.4R2 < 23.4R2-S6

Junos OS 24.2 < 24.2R2-S3

References

https://supportportal.juniper.net/JSA106007
vendor-advisory
https://kb.juniper.net/JSA106007
vendor-advisory

CVSS V4

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.