Memory Leak Vulnerability in Juniper Networks Junos OS and Junos OS Evolved
CVE-2026-21909

7.1HIGH

Key Information:

Vendor: Juniper Networks
Status: Junos Os; Junos Os Evolved
Vendor: CVE Published:; 15 January 2026

🔔 Create Juniper Networks Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2026-21909?

A vulnerability in Juniper Networks' routing protocol daemon (rpd) within Junos OS and Junos OS Evolved allows an unauthenticated attacker positioned as an adjacent IS-IS neighbor to exploit the system by sending specific update packets. This results in a memory leak that can exhaust system resources, leading to a Denial of Service (DoS) condition, which can disrupt normal network operations. It is crucial for users to regularly monitor memory usage to mitigate the impact of this vulnerability.

Affected Version(s)

Junos OS 23.2 < 23.2R2

Junos OS 23.4 < 23.4R1-S2, 23.4R2

Junos OS 24.1 < 24.1R2

References

https://supportportal.juniper.net/JSA106008

vendor-advisory

https://kb.juniper.net/JSA106008

vendor-advisory

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Jan 15, 2026
Vulnerability published
Jan 15, 2026
Vulnerability Reserved
Jan 5, 2026

CVE-2026-21909 Data

JSON