CVE-2026-21915
Received Received - Intake
Shell Command Injection in Juniper JSI vLWC Enables Root Escalation

Publication date: 2026-04-09

Last updated on: 2026-04-09

Assigner: Juniper Networks, Inc.

Description
A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows a local, high privileged attacker to escalate their privileges to root. The CLI menu accepts input without carefully validating it, which allows for shell command injection. These shell commands are executed with root permissions and can be used to gain complete control of the system. This issue affects all JSI vLWC versions before 3.0.94.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-09
Last Modified
2026-04-09
Generated
2026-06-16
AI Q&A
2026-04-10
EPSS Evaluated
2026-06-14
NVD
CVE-2026-21915
EUVD
EUVD-2026-21078
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
juniper_networks jsi_virtual_lightweight_collector to 3.0.94 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-183 The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because the inputs are assumed to be safe, but the list is too permissive - that is, it allows an input that is unsafe, leading to resultant weaknesses.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Permissive List of Allowed Input issue in the CLI of Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC). It allows a local attacker with high privileges to escalate their privileges to root.

The CLI menu accepts input without properly validating it, which enables shell command injection. These injected shell commands run with root permissions, allowing the attacker to gain complete control over the system.

This affects all JSI vLWC versions before 3.0.94.

Impact Analysis

An attacker exploiting this vulnerability can escalate their privileges to root on the affected system.

With root access, the attacker can execute arbitrary commands with full system control, potentially leading to data theft, system manipulation, disruption of services, or further compromise of the network.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-21915. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart