Critical Juniper Networks PTX flaw allows full router takeover

Bleeping Computer
by Bill Toulas
February 26, 2026
AI-Generated Deep Dive Summary
A critical vulnerability has been discovered in Juniper Networks' PTX Series routers, allowing unauthenticated attackers to execute code remotely with root privileges. The flaw, identified as CVE-2026-21902, stems from incorrect permission assignment in the 'On-Box Anomaly Detection' framework, which was exposed over an external port instead of being restricted to internal processes. This enables attackers already on the network to take full control of affected devices without requiring authentication.

The vulnerability affects Junos OS Evolved versions prior to 25.4R1-S1-EVO and 25.4R2-EVO, with older versions potentially impacted as well. However, non-Evolved Junos OS versions are not affected. Juniper Networks has released fixes in updated versions (25.4R1-S1-EVO, 25.4R2-EVO, and 26.2R1-EVO) and recommends immediate patching. If patching is delayed, administrators can mitigate risks by restricting access to vulnerable endpoints using firewall filters or disabling the service entirely with the command 'request pfe anomalies disable'.

This issue highlights the growing threat landscape for network infrastructure, particularly for high-value targets like PTX Series routers used in critical sectors such as internet services, cloud networks, and telecommunications. Juniper's products are often targeted by advanced attackers due to their role in high-bandwidth environments. The discovery comes amid a series of recent cyber-attack campaigns targeting Juniper devices, including the deployment of custom backdoors and malware designed to disrupt or compromise network operations. These incidents underscore the need for proactive security measures and prompt updates in enterprise networks relying on such equipment.

For organizations using PTX Series routers, addressing this vulnerability is critical to preventing potential takeover by malicious actors. The availability of patches makes immediate action essential, while temporary mitigations can provide a defense-in-depth approach until full remediation is achieved. This underscores the importance of staying vigilant against evolving cyber threats targeting network infrastructure.
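To prioritise patching against the fixed releases listed above, the following added example (not code from Juniper or from the article) triages a device inventory by version string. It assumes the version format `<major>.<minor>R<n>[-S<n>][.<build>]-EVO` and that, within a release train, anything at or above the lowest fixed release is fixed; the hostnames and inventory are constructed.

```python
import re

# Fixed releases named in the article.
FIXED = ("25.4R1-S1-EVO", "25.4R2-EVO", "26.2R1-EVO")
# Assumed string shape: <major>.<minor>R<n>[-S<n>][.<build>]-EVO
_VER = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?-EVO$", re.I)

def parse(version):
    """Return ((major, minor), (R, S)) for an Evolved release string, else None."""
    m = _VER.match(version.strip())
    if not m:
        return None
    major, minor, rel, svc = (int(g or 0) for g in m.groups())
    return (major, minor), (rel, svc)

# Lowest fixed (R, S) per release train, derived from FIXED.
FLOOR = {}
for _f in FIXED:
    _train, _rel = parse(_f)
    FLOOR[_train] = min(_rel, FLOOR.get(_train, _rel))

def classify(version):
    """Map one version string to a triage status for CVE-2026-21902."""
    if not version.strip().upper().endswith("-EVO"):
        return "not-evolved"        # article: non-Evolved Junos OS is not affected
    parsed = parse(version)
    if parsed is None:
        return "unparsed"
    train, rel = parsed
    if train in FLOOR:
        return "fixed" if rel >= FLOOR[train] else "affected"
    if train < min(FLOOR):
        return "possibly-affected"  # article: older versions potentially impacted
    return "check-advisory"         # train not named in the article

def triage(inventory):
    """Group hostnames by status; inventory maps hostname -> version string."""
    report = {}
    for host, version in sorted(inventory.items()):
        report.setdefault(classify(version), []).append(host)
    return report

# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE = {"ptx-core-1": "25.4R1-EVO", "ptx-core-2": "25.4R1-S1-EVO",
          "ptx-edge-1": "24.2R2-S1.4-EVO", "ptx-edge-2": "26.2R1-EVO",
          "mx-agg-1": "23.4R2-S3"}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as `affected` or `possibly-affected` are the candidates for the interim mitigations the article names until they can be upgraded.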
Originally published on Bleeping Computer on 2/26/2026