EUVD-2026-21080
GHSA-x5g9-73r3-vh5h
CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:X
Lifecycle Timeline
3Description
A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which will lead to a complete compromise of the system. When after a user has performed a specific 'file link ...' CLI operation, another user commits (unrelated configuration changes), the first user can login as root. This issue affects Junos OS: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S3, * 24.4 versions before 24.4R2-S2, * 25.2 versions before 25.2R2. This issue does not affect versions 25.4R1 or later.
Analysis
Symbolic link manipulation in Juniper Networks Junos OS CLI enables authenticated local attackers with low privileges to escalate to root access. Exploitation requires two users: the first performs a 'file link ...' CLI operation, then after the second user commits unrelated configuration changes, the first user can authenticate as root, achieving full system compromise. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify and inventory all Junos OS deployments across versions 23.2-25.2 using Juniper's device management tools; restrict CLI access to only essential users and enforce multi-factor authentication where supported. Within 7 days: Check Juniper security advisories for patch availability and timeline; implement network-based access restrictions to limit who can reach the CLI (e.g., management VLANs, ACLs). …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today