CVE-2026-21909

6.5 MEDIUM

📋 TL;DR

This CVE describes a memory leak in Juniper's routing protocol daemon (rpd): an adjacent IS-IS neighbor can send crafted IS-IS update packets that cause rpd to leak memory on each one. Sustained sending exhausts memory, rpd crashes and restarts, and its routing sessions are torn down until it recovers, which is a denial of service. Affected release trains are Junos OS and Junos OS Evolved 23.2, 23.4 and 24.1; releases before 23.2R1 / 23.2R1-EVO are not affected.

💻 Affected Systems

Products:
  • Juniper Networks Junos OS
  • Juniper Networks Junos OS Evolved
Versions:
  • Junos OS: 23.2 releases before 23.2R2; 23.4 releases before 23.4R1-S2 or 23.4R2 (that is, 23.4R1 and 23.4R1-S1); 24.1 releases before 24.1R2.
  • Junos OS Evolved: 23.2 releases before 23.2R2-EVO; 23.4 releases before 23.4R1-S2-EVO or 23.4R2-EVO; 24.1 releases before 24.1R2-EVO.
Operating Systems: Junos OS, Junos OS Evolved
Default Config Vulnerable: ⚠️ Yes, once IS-IS is enabled; no non-default IS-IS settings are required to be exposed.
Notes: Only systems running IS-IS are exposed; a device on an affected release with no IS-IS configuration is not affected. Versions before 23.2R1 or 23.2R1-EVO are not affected.

📦 What is this software?

Junos by Juniper

Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete denial of service on affected routers, disrupting network connectivity and potentially causing cascading failures in routing infrastructure.

🟠

Likely Case

Intermittent service disruption on affected routers as memory exhaustion causes rpd crashes and restarts.

🟢

If Mitigated

Minimal impact with proper network segmentation and monitoring allowing quick detection and response.

🌐 Internet-Facing: MEDIUM - IS-IS PDUs are carried directly in Layer 2 frames, not over IP, so the malicious updates cannot be routed in from the internet; the attacker must share a link or Layer 2 segment on which the router runs IS-IS. The exposure comes from IS-IS being the IGP of many carrier and internet backbones, and from provider- or exchange-facing segments where an untrusted party could bring up an adjacency.
🏢 Internal Only: HIGH - Any device that can form an IS-IS adjacency with an affected router, whether a compromised neighbor router or a host attached to an IS-IS-enabled segment, can trigger the leak.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires an IS-IS adjacency with the target: the attacker must control a neighboring router or be able to bring up an adjacency from a host on an IS-IS-enabled link. Because IS-IS does not run over IP, the attack cannot be launched across routed hops, but inside the routing infrastructure it needs no credentials beyond whatever IS-IS authentication (if any) is configured.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Junos OS: 23.2R2, 23.4R1-S2, 23.4R2, 24.1R2. Junos OS Evolved: 23.2R2-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 24.1R2-EVO.

Vendor Advisory: https://kb.juniper.net/JSA106008

Restart Required: Yes

Instructions:

1. Download the fixed release for your platform from the Juniper support portal.
2. Apply it following Juniper's upgrade procedure (the upgrade reboots the device, so plan a maintenance window).
3. Restart the affected routing daemon or device if the upgrade procedure does not already do so.
4. Verify the fix with 'show version' and monitor rpd memory usage afterwards.

🔧 Temporary Workarounds

IS-IS neighbor filtering

Configure IS-IS authentication so that only routers holding the shared key can form an adjacency and have their PDUs accepted, and run IS-IS only on interfaces that face trusted routers (set other interfaces to `passive`, which advertises their prefix without forming adjacencies). Authentication raises the bar for a rogue device on the segment but does not help against a legitimate neighbor that has been compromised, since its packets authenticate correctly. Junos sets the authentication per IS-IS level (1 or 2); the commands below use placeholder values and show level 2 with MD5:

set protocols isis level 2 authentication-type md5
set protocols isis level 2 authentication-key "<key>"
set protocols isis interface <interface> level 2 hello-authentication-type md5
set protocols isis interface <interface> level 2 hello-authentication-key "<key>"

Memory monitoring and alerting

Implement proactive monitoring of rpd memory usage to detect and respond to memory exhaustion before service disruption.

show task memory detail | match ted-infra
show system processes extensive | match rpd
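A leak shows up as resident memory of rpd that only ever climbs while adjacencies are up, rather than rising and settling after convergence. The following is an added example, not code from this page or from Juniper: it parses successive polls of `show system processes extensive | match rpd` (captured however you normally collect CLI output) and flags a monotonic rise above a growth threshold. The sample poll lines are constructed in the FreeBSD top(1) column layout that command uses; the PID and sizes are invented.

```python
import re
from typing import List, Optional

# Constructed samples in the shape of successive polls of
# `show system processes extensive | match rpd`. Column layout is FreeBSD top(1):
# PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND.
# The PID and the SIZE/RES values are invented for demonstration.
POLLS_GROWING = [
    " 2130 root          1  20    0   812M   233M select  0   1:02   0.00% rpd",
    " 2130 root          1  20    0   840M   261M select  0   1:07   0.00% rpd",
    " 2130 root          1  20    0   871M   290M select  1   1:13   0.00% rpd",
    " 2130 root          1  20    0   905M   322M select  0   1:20   0.00% rpd",
    " 2130 root          1  20    0   938M   351M select  1   1:26   0.00% rpd",
]
POLLS_STEADY = [
    " 2130 root          1  20    0   812M   233M select  0   1:02   0.00% rpd",
    " 2130 root          1  20    0   812M   236M select  0   1:07   0.00% rpd",
    " 2130 root          1  20    0   812M   234M select  1   1:13   0.00% rpd",
    " 2130 root          1  20    0   812M   235M select  0   1:20   0.00% rpd",
    " 2130 root          1  20    0   812M   233M select  1   1:26   0.00% rpd",
]

_UNITS = {"": 1, "K": 1024, "M": 1024 ** 2, "G": 1024 ** 3}


def parse_size(token: str) -> int:
    """Convert a top(1) size token such as '233M' to bytes."""
    m = re.fullmatch(r"(\d+)([KMG]?)", token)
    if not m:
        raise ValueError(f"unexpected size token: {token!r}")
    return int(m[1]) * _UNITS[m[2]]


def rpd_resident_bytes(line: str) -> Optional[int]:
    """Resident set size of rpd from one poll line, or None for any other line."""
    cols = line.split()
    # RES is the seventh column whether or not the per-CPU 'C' column is present.
    if len(cols) < 11 or cols[-1] != "rpd":
        return None
    return parse_size(cols[6])


def leak_suspected(polls: List[str], min_growth_pct: float = 25.0) -> bool:
    """True when RES rose on every consecutive poll and grew by more than
    min_growth_pct over the whole series. Fewer than three usable polls is
    not enough evidence and returns False."""
    res = [b for b in (rpd_resident_bytes(p) for p in polls) if b is not None]
    if len(res) < 3:
        return False
    monotonic = all(later > earlier for earlier, later in zip(res, res[1:]))
    growth_pct = (res[-1] - res[0]) / res[0] * 100
    return monotonic and growth_pct > min_growth_pct


if __name__ == "__main__":
    print("growing:", leak_suspected(POLLS_GROWING))  # True
    print("steady:", leak_suspected(POLLS_STEADY))    # False
```

Poll at a fixed interval (every few minutes) and compare against a baseline taken when the network is stable; rpd memory also grows legitimately during route churn, so a single jump means little, whereas growth that never reverses while the IS-IS topology is quiet is the signature worth alerting on. Pair this with the per-task breakdown from `show task memory detail` to confirm which task is holding the memory.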

🧯 If You Can't Patch

  • Implement strict network segmentation to limit IS-IS adjacency to trusted devices only.
  • Deploy network monitoring to detect abnormal IS-IS traffic patterns and memory usage spikes.

🔍 How to Verify

Check if Vulnerable:

Run 'show version' and compare the Junos release line against the affected ranges above. Confirm IS-IS is actually in use with 'show isis adjacency' (and 'show isis interface'); a device on an affected release that has no IS-IS configured is not exposed.

Check Version:

show version
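Comparing Junos release strings by hand across a fleet is error-prone because a service release (23.4R1-S1) sorts before 23.4R1-S2 even though both are "23.4R1". The following is an added example, not code from this page or from Juniper, that parses the `Junos:` line of `show version` output and applies exactly the affected ranges listed on this page. The release-string shape it accepts is an assumption documented in the code; the `show version` excerpt is constructed, with an invented hostname and model.

```python
import re
from typing import NamedTuple, Optional


class JunosVersion(NamedTuple):
    major: int
    minor: int
    release: int   # the R number
    service: int   # the S number, 0 when there is no -S suffix
    evo: bool      # Junos OS Evolved (-EVO) build


# Assumed shape of a release string: 23.4R1-S2.3, 24.1R2-EVO, 23.2R1, 23.4R2-S1.2-EVO.
# The trailing ".N" build number is ignored. Special builds with other suffixes are
# rejected rather than guessed at, so they surface as "unrecognized" in assess().
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?(-EVO)?$")


def parse_version(text: str) -> Optional[JunosVersion]:
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    return JunosVersion(int(m[1]), int(m[2]), int(m[3]), int(m[4] or 0), m[5] is not None)


def is_affected(v: JunosVersion) -> bool:
    """Affected ranges as listed on this page; identical for Junos OS and Evolved.

    23.2: before 23.2R2              -> 23.2R1 and every 23.2R1-Sx
    23.4: before 23.4R1-S2 or 23.4R2 -> 23.4R1 and 23.4R1-S1 only
    24.1: before 24.1R2              -> 24.1R1 and every 24.1R1-Sx
    Trains not listed (anything before 23.2, or 24.2 and later) are treated as not
    affected here; confirm against the vendor advisory before relying on that.
    """
    train = (v.major, v.minor)
    if train in ((23, 2), (24, 1)):
        return v.release < 2
    if train == (23, 4):
        return v.release == 1 and v.service < 2
    return False


_SHOW_VERSION_RE = re.compile(r"^Junos:\s+(\S+)\s*$", re.MULTILINE)


def assess(show_version_output: str) -> str:
    """Classify a device from the text of `show version`."""
    m = _SHOW_VERSION_RE.search(show_version_output)
    if not m:
        return "no Junos version line found"
    v = parse_version(m[1])
    if v is None:
        return f"unrecognized version {m[1]}"
    return "affected" if is_affected(v) else "not affected"


# Constructed `show version` excerpt; hostname, model and version are invented.
SAMPLE_SHOW_VERSION = """\
Hostname: r1
Model: mx480
Junos: 23.4R1-S1.2
"""

if __name__ == "__main__":
    print(assess(SAMPLE_SHOW_VERSION))  # affected
```

Feed it the saved output of `show version` from each device (for example collected over NETCONF or from a configuration backup job); a result of "unrecognized version" is a prompt to look at that device by hand rather than a verdict.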

Verify Fix Applied:

After patching, confirm 'show version' reports a fixed release, then watch rpd memory over time with 'show task memory detail | match ted-infra' and 'show system processes extensive | match rpd'; resident memory should level off after convergence rather than climb steadily while IS-IS neighbors are up.

📡 Detection & Monitoring

Log Indicators:

  • rpd crash logs
  • memory allocation failure messages
  • IS-IS adjacency flapping logs

Network Indicators:

  • Abnormal IS-IS update packet patterns
  • Increased memory usage on routers
  • Routing protocol instability

SIEM Query:

source="junos" AND ("rpd" OR "IS-IS") AND ("crash" OR "memory" OR "exhaust")
