CVE-2026-21903
BaseFortify
Publication date: 2026-01-15
Last updated on: 2026-01-15
Assigner: Juniper Networks, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Affected Version Range |
|---|---|---|
| juniper_networks | junos_os | all versions before 22.4R3-S7 (fixed release excluded) |
| juniper_networks | junos_os | all versions before 23.2R2-S4 (fixed release excluded) |
| juniper_networks | junos_os | all versions before 23.4R2 (fixed release excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a stack-based buffer overflow in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS. A network-based attacker with low privileges can cause a Denial-of-Service (DoS) by subscribing to telemetry sensors at scale: all Flexible PIC Concentrator (FPC) connections drop, and the FPC crashes and restarts. The issue does not occur when the YANG packages for the specific sensors are installed.
How can this vulnerability impact me?
The vulnerability can impact you by causing a Denial-of-Service (DoS) condition on affected Junos OS devices. Specifically, subscribing to telemetry sensors at scale can cause all Flexible PIC Concentrator (FPC) connections to drop, leading to an FPC crash and restart, which disrupts network operations.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade Junos OS to a fixed release: 22.4R3-S7, 23.2R2-S4, or 23.4R2, or any later release in the corresponding train. As an interim measure, installing the YANG packages for the specific telemetry sensors prevents the issue from occurring when those sensors are subscribed to at scale.