What is CVE-2026-21913?

CVE-2026-21913 is a high-severity vulnerability in Juniper Networks Junos OS affecting EX4000 models. An unauthenticated network-based attacker can trigger a Denial-of-Service (DoS) condition. Immediate remediation is necessary to ensure service availability.

What is the severity of CVE-2026-21913?

CVE-2026-21913 has a severity rating of HIGH with a CVSS base score of 8.7.

CVE-2026-21913 | High Vulnerability in Juniper Junos

CVE-2026-21913 represents a high-severity vulnerability in the Internal Device Manager (IDM) of Juniper Networks Junos OS. This vulnerability allows an unauthenticated, network-based attacker to trigger a Denial-of-Service (DoS) condition on affected EX4000 models, specifically the EX4000-48T, EX4000-48P, and EX4000-48MP.

The vulnerability is classified as an Incorrect Initialization of Resource issue. When a high volume of traffic is directed toward these devices, it can lead to an FXPC crash and automatic restart, resulting in a complete service outage until the device recovers.

The associated CVSS score is 8.7, indicating a high severity level. Organizations running affected devices should prioritize remediation to mitigate risks stemming from potential service disruptions.

It is important to note that versions prior to 24.4R1 are not affected, as this was the initial release for the EX4000 models. The urgency for remediation is significant, given the potential for widespread disruption.

Vulnerability Details

An Incorrect Initialization of Resource vulnerability in the Internal Device Manager (IDM) of Juniper Networks Junos OS on EX4000 models allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).

This issue affects Junos OS on EX4000-48T, EX4000-48P, and EX4000-48MP models, specifically the following versions:

* 24.4 versions before 24.4R2, * 25.2 versions before 25.2R1-S2, 25.2R2.

The CVSS score for this vulnerability is 8.7, classified as high severity. Organizations should address this vulnerability promptly.

Technical Analysis

The root cause of this vulnerability is the incorrect initialization of resources within the Internal Device Manager. The attack vector for this vulnerability is network-based, with a low attack complexity and no privileges required for exploitation.

No user interaction is required for an attacker to exploit this vulnerability. The availability impact is high, as successful exploitation may lead to a complete service outage.

Risk & Impact Analysis

Risk to organizations includes potential downtime and disruption of services due to the Denial-of-Service condition. The blast radius is significant, especially for organizations relying on Juniper EX4000 models in critical network infrastructure.

Given the high CVSS score and the potential for exploitation, organizations should prioritize patching immediately. The availability of services is crucial, and any interruption can lead to significant operational and financial impacts.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

This vulnerability affects the following versions of Junos OS on EX4000 models:

* 24.4 versions before 24.4R2, * 25.2 versions before 25.2R1-S2, 25.2R2.

Mitigation & Remediation

Organizations should prioritize patching immediately. Updates are available to mitigate this issue. It is recommended to upgrade to the latest versions that address this vulnerability. If a patch is not immediately available, consider implementing network controls to mitigate exposure.

For comprehensive security, organizations may also consider engaging in penetration testing to assess their security posture.

Detection Guidance

Organizations should monitor logs for unusual traffic patterns targeting EX4000 models. Look for indications of service disruptions or unusual reboot messages in system logs. Behavioral anomalies, such as unexpected outages or performance degradation, should also be investigated.

AppSecure Threat Intelligence Insight

This vulnerability highlights the importance of proactive vulnerability management. Security teams should continuously assess their networks for similar issues and ensure timely patching. For more insights on best practices, refer to our vulnerability management program. Additionally, understanding the evolution of vulnerabilities can aid in anticipating future risks, making resources like our penetration testing methodology essential for a comprehensive security strategy.

Finally, organizations should stay informed about emerging threats and vulnerabilities by regularly reviewing resources such as our 2025 Vulnerability Exposure Severity Trends report.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2026-21913: High Vulnerability in Juniper Junos