Which versions of Juniper are affected by CVE-2026-21916?

CVE-2026-21916 affects Juniper Networks Junos OS and allows authenticated local users with low privileges to escalate to root access through symbolic link manipulation during configuration commits,…. A patch is available.

Juniper CVE-2026-21916

Q: What is the CVSS score of CVE-2026-21916?

CVE-2026-21916 has a CVSS 4.0 base score of 7.0 (High). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-21080 HIGH

UNIX Symbolic Link (Symlink) Following (CWE-61)

2026-04-09 juniper

GHSA-x5g9-73r3-vh5h

Privilege Escalation Juniper

7.0

CVSS 4.0

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Scope

Lifecycle Timeline

Re-analysis Queued

Apr 17, 2026 - 18:07 vuln.today

cvss_changed

Analysis Updated

Apr 16, 2026 - 06:00 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

25.2R2,23.4R2-S6,24.4R2-S2

EUVD ID Assigned

Apr 09, 2026 - 21:45 euvd

EUVD-2026-21080

Analysis Generated

Apr 09, 2026 - 21:45 vuln.today

CVE Published

Apr 09, 2026 - 21:28 nvd

HIGH 7.0

DescriptionNVD

A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which will lead to a complete compromise of the system.

When after a user has performed a specific 'file link ...' CLI operation, another user commits (unrelated configuration changes), the first user can login as root.

This issue affects Junos OS:

all versions before 23.2R2-S7,
23.4 versions before 23.4R2-S6,
24.2 versions before 24.2R2-S3,
24.4 versions before 24.4R2-S2,
25.2 versions before 25.2R2.

This issue does not affect versions 25.4R1 or later.

AnalysisAI

Symbolic link manipulation in Juniper Networks Junos OS CLI enables authenticated local attackers with low privileges to escalate to root access. Exploitation requires two users: the first performs a 'file link ...' CLI operation, then after the second user commits unrelated configuration changes, the first user can authenticate as root, achieving full system compromise. …

RemediationAI

Within 24 hours: Identify all Junos OS deployments running versions 23.2, 23.4, 24.2, 24.4, or 25.2 prior to patch levels specified in Juniper advisory and assess exposure of multi-user environments. Within 7 days: Apply vendor-released patches to affected versions; contact Juniper for specific patched version numbers if not yet published in advisory. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-48687 CRITICAL Act Now

9.8 May 26

OS command injection in FastNetMon Community Edition (through 1.2.9) lets attacker-controlled input reach an unescaped e

CVE-2026-21916 vulnerability details – vuln.today

Back

Juniper CVE-2026-21916

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

More from same product – last 7 days

Share

Juniper CVE-2026-21916

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Share

External POC / Exploit Code