CVE-2026-21916
Received Received - Intake
Symlink Following Vulnerability in Junos OS Enables Root Escalation

Publication date: 2026-04-09

Last updated on: 2026-04-17

Assigner: Juniper Networks, Inc.

Description
A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which will lead to a complete compromise of the system. When after a user has performed a specific 'file link ...' CLI operation, another user commits (unrelated configuration changes), the first user can login as root. This issue affects Junos OS: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S3, * 24.4 versions before 24.4R2-S2, * 25.2 versions before 25.2R2. This issue does not affect versions 25.4R1 or later.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-09
Last Modified
2026-04-17
Generated
2026-06-16
AI Q&A
2026-04-10
EPSS Evaluated
2026-06-15
NVD
CVE-2026-21916
EUVD
EUVD-2026-21080
Affected Vendors & Products
Showing 39 associated CPEs
Vendor Product Version / Range
juniper junos 23.2
juniper junos 23.2
juniper junos 23.2
juniper junos 23.2
juniper junos 23.4
juniper junos 23.4
juniper junos 23.4
juniper junos 23.2
juniper junos 24.2
juniper junos 24.2
juniper junos 23.4
juniper junos 23.2
juniper junos 23.2
juniper junos 23.4
juniper junos 23.4
juniper junos 23.4
juniper junos 23.4
juniper junos 24.2
juniper junos 24.2
juniper junos 23.2
juniper junos 23.2
juniper junos 23.4
juniper junos 24.2
juniper junos 24.4
juniper junos 24.4
juniper junos 24.4
juniper junos 24.4
juniper junos 24.2
juniper junos 24.4
juniper junos 23.4
juniper junos 24.2
juniper junos 24.4
juniper junos 25.2
juniper junos 25.2
juniper junos 25.2
juniper junos 25.2
juniper junos 23.2
juniper junos to 23.2 (exc)
juniper junos 23.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-61 The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

The vulnerability can lead to a complete compromise of the affected system. A low-privileged local user can escalate their privileges to root, gaining full control over the system. This can result in unauthorized access, modification, or destruction of data, disruption of services, and potential further exploitation of the network or connected systems.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade your Junos OS to a version that is not affected by this issue.

  • Upgrade to Junos OS version 25.4R1 or later.
  • If upgrading immediately is not possible, restrict local authenticated user access to prevent exploitation.
Executive Summary

This vulnerability is a UNIX Symbolic Link (Symlink) Following issue in the command-line interface (CLI) of Juniper Networks Junos OS. It allows a local, authenticated user with low privileges to escalate their privileges to root. The escalation happens when a user performs a specific 'file link ...' CLI operation, and then another user commits unrelated configuration changes. After this sequence, the first user can log in as root, leading to a complete system compromise.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-21916. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart