Input Validation Flaw in Juniper Networks Support Insights Product
CVE-2026-21915

8.4HIGH

Key Information:

Vendor: Juniper Networks
Status: Jsi Lwc
Vendor: CVE Published:; 9 April 2026

🔔 Create Juniper Networks Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2026-21915?

A vulnerability exists in the Command Line Interface (CLI) of Juniper Networks Support Insights Virtual Lightweight Collector (vLWC) that allows a local attacker with high privileges to escalate their access to root. The CLI fails to adequately validate inputs, making it susceptible to shell command injection. This allows unauthorized commands to be executed with root-level permissions, potentially compromising the entire system. This issue impacts all JSI vLWC versions prior to 3.0.94.

Affected Version(s)

JSI LWC vLWC 0 < 3.0.94

References

https://kb.juniper.net/JSA106016

vendor-advisory

CVSS V4

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Apr 9, 2026
Vulnerability published
Apr 9, 2026
Vulnerability Reserved
Jan 5, 2026

CVE-2026-21915 Data

JSON