securityaffairs.com 2/27/2026, 12:55:18 PM

Juniper CVE-2026-21902 targets PTX routers with RCE flaw

CyberSIXT Evidence Panel
CISA KEV: Not in KEV
Patch: Patch Status Unknown

Juniper Networks issued an out-of-band security update for Junos OS Evolved to address a critical remote code execution vulnerability, tracked as CVE-2026-21902, that impacts PTX routers. The flaw resides in the On-Box Anomaly Detection framework and can let unauthenticated remote attackers execute code as root. The service is enabled by default and, because of incorrect permissions, is potentially reachable externally.

The vendor's advisory notes that an unauthenticated, network-based attacker could take complete control of the device, and that the framework should only be reachable by internal processes over the internal routing instance. The vulnerability affects versions before 25.4R1-S1-EVO and 25.4R2-EVO, but not earlier releases or standard Junos OS, and Juniper reports no active exploitation at the time.

The company urges customers to apply the patch promptly. As alternatives, the advisory suggests limiting access to the affected service with ACLs or firewall filters, or disabling it with the command request pfe anomalies disable. Follow-up guidance and further details are provided in the advisory, and Juniper SIRT is not aware of any attacks in the wild exploiting this flaw as of now.


Article by CyberSIXT