Juniper Networks released an out-of-band update for Junos OS Evolved to patch a critical remote code execution vulnerability, tracked as CVE-2026-21902, that affects PTX series high-performance routers. The issue concerns the On-Box Anomaly detection framework and can be exploited by an unauthenticated attacker with network access to execute arbitrary code with root privileges.
According to Juniper, the On-Box Analytics service should be reachable only by internal processes, but it is enabled by default and exposed, allowing a remote attacker to take complete control of the device. The security hole has been patched in versions 25.4R1-S1-EVO and 25.4R2-EVO; earlier Junos OS Evolved versions and Junos OS are not affected.
SecurityWeek notes that CVE-2026-21902 was discovered internally and there is no evidence of in-the-wild exploitation; however, it is common for threat actors to exploit Juniper flaws, with CISA’s KEV catalog currently including eight such flaws. Written by Eduard Kovacs, 27 February 2026.