CVE-2026-21916

Summary

A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which will lead to a complete compromise of the system.

When after a user has performed a specific 'file link …' CLI operation, another user commits (unrelated configuration changes), the first user can login as root.

This issue affects Junos OS:

  • all versions before 23.2R2-S7,
  • 23.4 versions before 23.4R2-S6,
  • 24.2 versions before 24.2R2-S3,
  • 24.4 versions before 24.4R2-S2,
  • 25.2 versions before 25.2R2.

This issue does not affect versions 25.4R1 or later.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OS0 < 23.2R2-S7affected
Juniper NetworksJunos OS23.4 < 23.4R2-S6affected
Juniper NetworksJunos OS24.2 < 24.2R2-S3affected
Juniper NetworksJunos OS24.4 < 24.4R2-S2affected
Juniper NetworksJunos OS25.2 < 25.2R2affected
Juniper NetworksJunos OS25.4R1unaffected

Weaknesses

  • CWE-61: CWE-61 UNIX Symbolic Link (Symlink) Following

Workarounds

To prevent exploitation, use access controls to keep users from performing 'file link' operations.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References