A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated attacker controlling an adjacent IS-IS neighbor to send a specific update packet causing a memory leak. Continued receipt and processing of these packets will exhaust all available memory, crashing rpd and creating a Denial of Service (DoS) condition.
Memory usage can be monitored through the use of the 'show task memory detail' command. For example: user@junos> show task memory detail | match ted-infra TED-INFRA-COOKIE 25 1072 28 1184 229 user@junos> show task memory detail | match ted-infra TED-INFRA-COOKIE 31 1360 34 1472 307
This issue affects: Junos OS: * from 23.2 before 23.2R2, * from 23.4 before 23.4R1-S2, 23.4R2, * from 24.1 before 24.1R2; Junos OS Evolved: * from 23.2 before 23.2R2-EVO, * from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO, * from 24.1 before 24.1R2-EVO. This issue does not affect Junos OS versions before 23.2R1 or Junos OS Evolved versions before 23.2R1-EVO.
Organizations should prioritize patching immediately to prevent exploitation.
Vulnerability Details
The vulnerability identified as CVE-2026-21909 is rated as high severity with a CVSS score of 7.1. The official description indicates a Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) used in Juniper Networks Junos OS and Junos OS Evolved. The vulnerability allows an unauthenticated attacker controlling an adjacent IS-IS neighbor to send a specific update packet that causes a memory leak.
The affected versions include Junos OS from 23.2 before 23.2R2, 23.4 before 23.4R1-S2, and 24.1 before 24.1R2; as well as Junos OS Evolved from 23.2 before 23.2R2-EVO, 23.4 before 23.4R1-S2-EVO, and 24.1 before 24.1R2-EVO.
Technical Analysis
The root cause of the vulnerability stems from improper memory management in the rpd process. Attackers may leverage this vulnerability by sending specially crafted packets to the affected systems, leading to increased memory consumption. The attack vector is adjacent, requiring the attacker to have a network presence on the same local segment as the target system.
The vulnerability has low attack complexity, meaning that successful exploitation does not require advanced skills or resources. Additionally, no privileges are required to exploit this vulnerability, and user interaction is not necessary.
The impact on availability is high, as exploitation can lead to critical service outages. In this case, the confidentiality and integrity impacts are none, as the exploit does not compromise data security.
Risk & Impact Analysis
Risk to organizations includes significant disruption of services due to the Denial of Service condition, which can affect operational continuity, customer satisfaction, and overall business reputation. The blast radius may extend to all devices within the same network segment, increasing the urgency for organizations to address this vulnerability.
Given the CVSS score of 7.1, organizations should address this vulnerability in priority patch cycles. The EPSS score of 0.000080000 indicates a very low probability of exploitation in the wild, but organizations should not rely solely on this metric.
Exploitation Status
Signal | Status |
|---|---|
Known Exploit | No |
Public PoC | No |
Actively Exploited | No |
Ransomware Use | No |
Affected Versions
Affected versions include: Junos OS: * from 23.2 before 23.2R2, * from 23.4 before 23.4R1-S2, 23.4R2, * from 24.1 before 24.1R2; Junos OS Evolved: * from 23.2 before 23.2R2-EVO, * from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO, * from 24.1 before 24.1R2-EVO.
Mitigation & Remediation
Organizations should prioritize patching immediately. Ensure that systems are updated to versions that are not affected by this vulnerability. For remediation, organizations can apply the latest patches from Juniper Networks. In case patches are not available, employing network controls to limit the exposure of vulnerable systems may be necessary.
Detection Guidance
Monitor logs for unusual memory usage patterns using commands such as 'show task memory detail'. Additionally, track network traffic for potential exploitation attempts targeting the routing protocol daemon.
AppSecure Threat Intelligence Insight
The long-term significance of this vulnerability highlights the need for robust memory management practices in network protocols. Security teams should view this incident as a reminder of the importance of proactive vulnerability management and timely patching. As network infrastructures evolve, organizations must prioritize the implementation of stringent security controls and regular assessments.
For further insights into strengthening network security, organizations can explore our resources on penetration testing and best practices.
Monitoring and detection strategies should be updated to account for vulnerabilities like CVE-2026-21909, ensuring that organizations remain resilient against potential threats.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
.webp)