CVE-2026-21909
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-15

Last updated on: 2026-01-15

Assigner: Juniper Networks, Inc.

Description
A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated attacker controlling an adjacent IS-IS neighbor to send a specific update packet causing a memory leak.Β Continued receipt and processing of these packets will exhaust all available memory, crashing rpd and creating a Denial of Service (DoS) condition. Memory usage can be monitored through the use of the 'show task memory detail' command. For example: user@junos> show task memory detail | match ted-infra Β  TED-INFRA-COOKIE Β  Β  Β  Β  Β  25 Β  1072 Β  Β  28 Β  1184 Β  Β  229 user@junos> show task memory detail | match ted-infra Β  TED-INFRA-COOKIE Β  Β  Β  Β  Β  31 Β  1360 Β  Β  34 Β  1472 Β  Β  307 This issue affects: Junos OS:Β  * from 23.2 before 23.2R2,Β  * from 23.4 before 23.4R1-S2, 23.4R2,Β  * from 24.1 before 24.1R2;Β  Junos OS Evolved:Β  * from 23.2 before 23.2R2-EVO,Β  * from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO,Β  * from 24.1 before 24.1R2-EVO. This issue does not affect Junos OS versions before 23.2R1 or Junos OS Evolved versions before 23.2R1-EVO.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-15
Last Modified
2026-01-15
Generated
2026-06-16
AI Q&A
2026-01-16
EPSS Evaluated
2026-06-15
NVD
CVE-2026-21909
EUVD
EUVD-2026-2696
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
juniper junios From 23.2 (inc) to 23.2R2 (exc)
juniper junios From 23.4 (inc) to 23.4R1-S2 (exc)
juniper junios From 24.1 (inc) to 24.1R2 (exc)
juniper junios_evolved From 23.2 (inc) to 23.2R2-EVO (exc)
juniper junios_evolved From 23.4 (inc) to 23.4R1-S2-EVO (exc)
juniper junios_evolved From 24.1 (inc) to 24.1R2-EVO (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Missing Release of Memory after Effective Lifetime issue in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved. An unauthenticated attacker who controls an adjacent IS-IS neighbor can send a specific update packet that causes a memory leak. Continued receipt and processing of these packets exhausts all available memory, causing the rpd process to crash and resulting in a Denial of Service (DoS) condition.

Impact Analysis

The impact of this vulnerability is a Denial of Service (DoS) condition. An attacker can cause the routing protocol daemon (rpd) to crash by exhausting all available memory through specially crafted packets, which can disrupt network routing and availability.

Detection Guidance

This vulnerability can be detected by monitoring memory usage on the affected Junos OS or Junos OS Evolved devices. You can use the command 'show task memory detail | match ted-infra' to check for abnormal memory consumption related to the TED-INFRA-COOKIE task, which indicates the memory leak caused by the vulnerability.

Mitigation Strategies

Immediate mitigation steps include upgrading the Junos OS or Junos OS Evolved software to a fixed version that addresses this vulnerability. Specifically, upgrade to versions 23.2R2 or later for 23.2 releases, 23.4R1-S2 or 23.4R2 or later for 23.4 releases, and 24.1R2 or later for 24.1 releases. Until the upgrade can be applied, monitoring memory usage closely and limiting or controlling IS-IS neighbor adjacencies from untrusted sources may help reduce risk.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-21909. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart