CVE-2026-21912

Unknown Unknown - Not Provided

BaseFortify

Publication date: 2026-01-15

Last updated on: 2026-02-25

Assigner: Juniper Networks, Inc.

Description

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the method to collect FPC Ethernet firmware statistics of Juniper Networks Junos OS on MX10k Series allows a local, low-privileged attacker executing the 'show system firmware' CLI command to cause an LC480 or LC2101 line card to reset. On MX10k Series systems with LC480 or LC2101 line cards, repeated execution of the 'show system firmware' CLI command can cause the line card to crash and restart. Additionally, some time after the line card crashes, chassisd may also crash and restart, generating a core dump.This issue affects Junos OS on MX10k Series: * all versions before 21.2R3-S10, * from 21.4 before 21.4R3-S9, * from 22.2 before 22.2R3-S7, * from 22.4 before 22.4R3-S6, * from 23.2 before 23.2R2-S2, * from 23.4 before 23.4R2-S3, * from 24.2 before 24.2R2.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-01-15

Last Modified

2026-02-25

Generated

2026-05-07

AI Q&A

2026-01-16

EPSS Evaluated

2026-05-05

NVD

CVE-2026-21912

EUVD

EUVD-2026-2682

Affected Vendors & Products

Vendor	Product	Version / Range
juniper	junos	21.2
juniper	junos	21.2
juniper	junos	21.2
juniper	junos	21.2
juniper	junos	21.2
juniper	junos	21.2
juniper	junos	21.2
juniper	junos	21.4
juniper	junos	21.4
juniper	junos	21.4
juniper	junos	21.2
juniper	junos	21.4
juniper	junos	21.4
juniper	junos	21.4
juniper	junos	21.4
juniper	junos	21.4
juniper	junos	22.2
juniper	junos	22.2
juniper	junos	21.2
juniper	junos	21.2
juniper	junos	22.2
juniper	junos	22.2
juniper	junos	21.4
juniper	junos	22.2
juniper	junos	21.2
juniper	junos	21.4
juniper	junos	22.4
juniper	junos	to 21.2 (exc)
juniper	junos	21.4
juniper	junos	22.2
juniper	junos	22.2
juniper	junos	22.4
juniper	junos	22.4
juniper	junos	21.2
juniper	junos	22.4
juniper	junos	22.2
juniper	junos	21.2
juniper	junos	21.4
juniper	junos	23.2
juniper	junos	21.2
juniper	junos	22.4
juniper	junos	21.4
juniper	junos	22.2
juniper	junos	23.2
juniper	junos	22.4
juniper	junos	22.4
juniper	junos	22.2
juniper	junos	22.4
juniper	junos	23.2
juniper	junos	23.2
juniper	junos	23.4
juniper	junos	21.2
juniper	junos	22.2
juniper	junos	21.4
juniper	junos	21.4
juniper	junos	23.4
juniper	junos	22.4
juniper	junos	22.4
juniper	junos	23.4
juniper	junos	23.2
juniper	junos	24.2
juniper	junos	24.2
juniper	junos	23.4
juniper	junos	21.2
juniper	junos	21.4
juniper	junos	22.2
juniper	junos	22.2
juniper	junos	22.4
juniper	junos	22.4
juniper	junos	22.4
juniper	junos	23.2
juniper	junos	23.4
juniper	junos	23.4
juniper	junos	23.4
juniper	junos	24.2
juniper	junos	24.2
juniper	junos	21.2
juniper	junos	22.2

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-367	The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.

Attack-Flow Graph

AI Powered Q&A

Can you explain this vulnerability to me?

This vulnerability is a Time-of-check Time-of-use (TOCTOU) Race Condition in the method used to collect FPC Ethernet firmware statistics on Juniper Networks Junos OS running on MX10k Series with LC480 or LC2101 line cards. A local, low-privileged attacker can exploit this by repeatedly executing the 'show system firmware' CLI command, which causes the affected line card to crash and restart. This may also lead to the chassisd process crashing and restarting, generating a core dump.

How can this vulnerability impact me? :

The impact of this vulnerability is that an attacker with local, low-privileged access can cause a denial of service by crashing and restarting the LC480 or LC2101 line cards on MX10k Series systems. This can disrupt network operations and potentially cause instability due to the subsequent crash and restart of the chassisd process.

How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring the behavior of LC480 or LC2101 line cards on MX10k Series systems when the 'show system firmware' CLI command is executed repeatedly. If the line card crashes or restarts after running this command multiple times, it indicates the presence of the vulnerability. Specifically, observing unexpected resets or crashes of the line cards and subsequent crashes of chassisd with core dumps can be signs of this issue. The command to test this is: repeatedly execute 'show system firmware' on the affected devices and monitor for crashes.

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include avoiding repeated execution of the 'show system firmware' CLI command on MX10k Series systems with LC480 or LC2101 line cards. Additionally, upgrading Junos OS to a fixed version that addresses this vulnerability is recommended. The affected versions are all versions before 21.2R3-S10, from 21.4 before 21.4R3-S9, from 22.2 before 22.2R3-S7, from 22.4 before 22.4R3-S6, from 23.2 before 23.2R2-S2, from 23.4 before 23.4R2-S3, and from 24.2 before 24.2R2. Applying the appropriate patches or updates to reach or exceed these versions will mitigate the vulnerability.

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

CVE-2026-21912

BaseFortify

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Powered Q&A

Ask Our AI Assistant

EPSS Chart