CVE-2026-21921: High Vulnerability in Juniper Junos OS

A Use After Free vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker authenticated with low privileges to cause a Denial-of-Service (DoS. When telemetry collectors are frequently subscribing and unsubscribing to sensors continuously over a long period of time, telemetry-capable processes like chassisd, rpd or mib2d will crash and restart, which - depending on the process - can cause a complete outage until the system has recovered. This vulnerability affects all versions before 22.4R3-S8, 23.2 versions before 23.2R2-S5, and 23.4 versions before 23.4R2 for Junos OS; and all versions before 22.4R3-S8-EVO, 23.2 versions before 23.2R2-S5-EVO, and 23.4 versions before 23.4R2-EVO for Junos OS Evolved.

The vulnerability has a CVSS score of 7.1, categorized as high severity. Risk to organizations includes potential outages leading to significant disruptions in network services. Organizations should prioritize patching immediately.

Currently, there is no known public exploit or proof of concept available. However, the absence of known exploits does not diminish the urgency of applying the patch, as network-based attackers could leverage this vulnerability to disrupt services.

Considering the current threat landscape and the potential for exploitation, organizations using affected versions of Junos OS and Junos OS Evolved must address this vulnerability as part of their immediate security measures.

Vulnerability Details

The official CVE description states: A Use After Free vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker authenticated with low privileges to cause a Denial-of-Service (DoS).

This vulnerability has been classified under CWE-416, indicating a failure in memory management that can be exploited when the memory is accessed after it has been freed.

As of its publication on January 15, 2026, the vulnerability has not been officially scored by EPSS, but the CVSS score of 7.1 indicates a high severity level.

Technical Analysis

The root cause of this vulnerability stems from improper memory management within the chassisd process. The exploitation of this vulnerability can occur when telemetry collectors subscribe and unsubscribe to sensors in rapid succession, resulting in the chassisd process crashing.

The attack vector is network-based, allowing attackers to exploit the vulnerability without requiring physical access to the device. The attack complexity is low, with attackers needing only low privileges to execute the denial of service. User interaction is not required for this vulnerability to be exploited.

The confidentiality impact is considered none, while the integrity impact is also none. The availability impact is high, as a successful exploit can lead to significant service interruptions.

Risk & Impact Analysis

Risk to organizations includes potential outages leading to significant disruptions in network services. Given the continuous nature of the exploit, organizations may experience repeated service interruptions, which could impact business operations and customer satisfaction.

The urgency for remediation is high, given the CVSS score of 7.1, indicating a critical need for organizations to prioritize the application of patches. Failure to address this vulnerability may expose organizations to increased risk of network disruption and potential reputational damage.

Organizations should consider the potential blast radius of this vulnerability, especially in environments where Junos OS and Junos OS Evolved are deployed extensively.

Exploitation Status

Affected Versions

This vulnerability affects all versions of Junos OS before 22.4R3-S8, 23.2 versions before 23.2R2-S5, and 23.4 versions before 23.4R2. For Junos OS Evolved, all versions before 22.4R3-S8-EVO, 23.2 versions before 23.2R2-S5-EVO, and 23.4 versions before 23.4R2-EVO are impacted.

Mitigation & Remediation

Organizations should update to the following versions to mitigate the vulnerability: Junos OS 22.4R3-S8 or later, Junos OS 23.2R2-S5 or later, and Junos OS 23.4R2 or later for affected versions. For Junos OS Evolved, update to 22.4R3-S8-EVO or later, 23.2R2-S5-EVO or later, and 23.4R2-EVO or later.

If patches are not immediately available, organizations should consider implementing network controls to limit access to the affected services and monitor for unusual activity that may indicate attempts to exploit the vulnerability.

For ongoing security assurance, organizations should engage in continuous security testing to identify and remediate similar vulnerabilities proactively. Detailed guidance can be found through our penetration testing services that exercise the patched code path.

Detection Guidance

Organizations should monitor logs for indicators of potential exploitation, such as repeated process crashes or unusual subscription activity related to telemetry collectors.

Behavioral anomalies in network traffic that correspond to the affected processes (chassisd, rpd, or mib2d) should also be investigated.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability lies in its potential to disrupt service continuity in critical network environments. Organizations are encouraged to adopt a proactive security posture that includes regular updates and patch management.

This incident highlights the importance of monitoring telemetry data and ensuring that network components are resilient. Security teams should learn from this vulnerability to enhance their incident response and mitigation strategies.

For further insights on vulnerability management, organizations can refer to our resources on the vulnerability management program and best practices in penetration testing methodology.

In conclusion, organizations should remain vigilant and prioritize cybersecurity measures to prevent disruptions from vulnerabilities like CVE-2026-21921.