critical advisory

Critical Unauthenticated RCE Vulnerability in Junos OS Evolved

A critical unauthenticated remote code execution vulnerability, CVE-2026-21902, exists in Juniper Networks Junos OS Evolved PTX Series. It allows a network-based attacker to execute code as root and requires immediate patching and increased monitoring.

A critical vulnerability, CVE-2026-21902, has been identified in Juniper Networks Junos OS Evolved PTX Series versions before 25.4R1-S1-EVO and 25.4R2-EVO. This vulnerability resides in the on-box anomaly detection framework and allows an unauthenticated, network-based attacker to execute arbitrary code as the root user. Given the pivotal role of PTX series routers in data centers and internet service provider networks, a successful exploit can lead to significant disruption, enabling attackers…

Detection coverage 2

Potential Junos OS Evolved CVE-2026-21902 Exploitation Attempt

high

Detects potential exploitation attempts of CVE-2026-21902 by monitoring for unusual processes spawned by the Junos OS anomaly detection framework.

sigma | tactics: cve-2026-21902, execution, privilege_escalation | techniques: T1059.004, T1068 | sources: process_creation, linux

Junos OS Evolved - Suspicious Outbound Network Connection

medium

Detects suspicious outbound network connections originating from the Junos OS Evolved device itself.

sigma | tactics: command_and_control, cve-2026-21902 | techniques: T1071.001 | sources: network_connection, linux
