Is there a patch available for CVE-2026-21904?

Yes, a patch is available for CVE-2026-21904. Update the affected software to the latest version immediately.

Juniper CVE-2026-21904

Q: What is the CVSS score of CVE-2026-21904?

CVE-2026-21904 has a CVSS 4.0 base score of 5.1 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-21077 MEDIUM

Cross-site Scripting (XSS) (CWE-79)

2026-04-09 juniper

GHSA-3cpj-89qh-f3x6

XSS Juniper

5.1

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Scope

Lifecycle Timeline

Patch available

Apr 16, 2026 - 05:29 EUVD

24.1R5

EUVD ID Assigned

Apr 09, 2026 - 21:45 euvd

EUVD-2026-21077

Analysis Generated

Apr 09, 2026 - 21:45 vuln.today

CVE Published

Apr 09, 2026 - 21:26 nvd

MEDIUM 5.1

DescriptionNVD

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the

list filter field that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.

This issue affects all versions of Junos Space before 24.1R5 Patch V3.

AnalysisAI

Stored cross-site scripting (XSS) in Juniper Networks Junos Space allows unauthenticated remote attackers to inject malicious script tags into the list filter field, which execute with the permissions of any user who views the affected page, including administrators. All versions before 24.1R5 Patch V3 are vulnerable. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-48687 CRITICAL Act Now

9.8 May 26

OS command injection in FastNetMon Community Edition (through 1.2.9) lets attacker-controlled input reach an unescaped e

CVE-2026-21904 vulnerability details – vuln.today

Back

Juniper CVE-2026-21904

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Analysis

Full analysis requires sign-in

More from same product – last 7 days

Share

Juniper CVE-2026-21904

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

More from same product – last 7 days

Share

External POC / Exploit Code