CVE-2026-21912
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-15

Last updated on: 2026-02-25

Assigner: Juniper Networks, Inc.

Description
A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the method to collect FPC Ethernet firmware statistics of Juniper Networks Junos OS on MX10k Series allows a local, low-privileged attacker executing the 'show system firmware' CLI command to cause an LC480 or LC2101 line card to reset. On MX10k Series systems with LC480 or LC2101 line cards, repeated execution of the 'show system firmware' CLI command can cause the line card to crash and restart. Additionally, some time after the line card crashes, chassisd may also crash and restart, generating a core dump.This issue affects Junos OS on MX10k Series:  * all versions before 21.2R3-S10,  * from 21.4 before 21.4R3-S9,  * from 22.2 before 22.2R3-S7,  * from 22.4 before 22.4R3-S6,  * from 23.2 before 23.2R2-S2,  * from 23.4 before 23.4R2-S3,  * from 24.2 before 24.2R2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-15
Last Modified
2026-02-25
Generated
2026-06-10
AI Q&A
2026-01-16
EPSS Evaluated
2026-06-09
NVD
CVE-2026-21912
EUVD
EUVD-2026-2682
Affected Vendors & Products
Showing 78 associated CPEs
Vendor Product Version / Range
juniper junos 21.2
juniper junos 21.2
juniper junos 21.2
juniper junos 21.2
juniper junos 21.2
juniper junos 21.2
juniper junos 21.2
juniper junos 21.4
juniper junos 21.4
juniper junos 21.4
juniper junos 21.2
juniper junos 21.4
juniper junos 21.4
juniper junos 21.4
juniper junos 21.4
juniper junos 21.4
juniper junos 22.2
juniper junos 22.2
juniper junos 21.2
juniper junos 21.2
juniper junos 22.2
juniper junos 22.2
juniper junos 21.4
juniper junos 22.2
juniper junos 21.2
juniper junos 21.4
juniper junos 22.4
juniper junos to 21.2 (exc)
juniper junos 21.4
juniper junos 22.2
juniper junos 22.2
juniper junos 22.4
juniper junos 22.4
juniper junos 21.2
juniper junos 22.4
juniper junos 22.2
juniper junos 21.2
juniper junos 21.4
juniper junos 23.2
juniper junos 21.2
juniper junos 22.4
juniper junos 21.4
juniper junos 22.2
juniper junos 23.2
juniper junos 22.4
juniper junos 22.4
juniper junos 22.2
juniper junos 22.4
juniper junos 23.2
juniper junos 23.2
juniper junos 23.4
juniper junos 21.2
juniper junos 22.2
juniper junos 21.4
juniper junos 21.4
juniper junos 23.4
juniper junos 22.4
juniper junos 22.4
juniper junos 23.4
juniper junos 23.2
juniper junos 24.2
juniper junos 24.2
juniper junos 23.4
juniper junos 21.2
juniper junos 21.4
juniper junos 22.2
juniper junos 22.2
juniper junos 22.4
juniper junos 22.4
juniper junos 22.4
juniper junos 23.2
juniper junos 23.4
juniper junos 23.4
juniper junos 23.4
juniper junos 24.2
juniper junos 24.2
juniper junos 21.2
juniper junos 22.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-367 The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Time-of-check Time-of-use (TOCTOU) Race Condition in the method used to collect FPC Ethernet firmware statistics on Juniper Networks Junos OS running on MX10k Series with LC480 or LC2101 line cards. A local, low-privileged attacker can exploit this by repeatedly executing the 'show system firmware' CLI command, which causes the affected line card to crash and restart. This may also lead to the chassisd process crashing and restarting, generating a core dump.

Impact Analysis

The impact of this vulnerability is that an attacker with local, low-privileged access can cause a denial of service by crashing and restarting the LC480 or LC2101 line cards on MX10k Series systems. This can disrupt network operations and potentially cause instability due to the subsequent crash and restart of the chassisd process.

Detection Guidance

This vulnerability can be detected by monitoring the behavior of LC480 or LC2101 line cards on MX10k Series systems when the 'show system firmware' CLI command is executed repeatedly. If the line card crashes or restarts after running this command multiple times, it indicates the presence of the vulnerability. Specifically, observing unexpected resets or crashes of the line cards and subsequent crashes of chassisd with core dumps can be signs of this issue. The command to test this is: repeatedly execute 'show system firmware' on the affected devices and monitor for crashes.

Mitigation Strategies

Immediate mitigation steps include avoiding repeated execution of the 'show system firmware' CLI command on MX10k Series systems with LC480 or LC2101 line cards. Additionally, upgrading Junos OS to a fixed version that addresses this vulnerability is recommended. The affected versions are all versions before 21.2R3-S10, from 21.4 before 21.4R3-S9, from 22.2 before 22.2R3-S7, from 22.4 before 22.4R3-S6, from 23.2 before 23.2R2-S2, from 23.4 before 23.4R2-S3, and from 24.2 before 24.2R2. Applying the appropriate patches or updates to reach or exceed these versions will mitigate the vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-21912. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart