CVE-2026-21909

EUVD-2026-2696
A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated attacker controlling an adjacent IS-IS neighbor to send a specific update packet causing a memory leak. Continued receipt and processing of these packets will exhaust all available memory, crashing rpd and creating a Denial of Service (DoS) condition.

Memory usage can be monitored through the use of the 'show task memory detail' command. For example:

user@junos> show task memory detail | match ted-infra
  TED-INFRA-COOKIE             25     1072       28     1184       229



user@junos> 

show task memory detail | match ted-infra
  TED-INFRA-COOKIE             31     1360       34     1472       307

This issue affects:

Junos OS: 

  *  from 23.2 before 23.2R2, 
  *  from 23.4 before 23.4R1-S2, 23.4R2, 
  *  from 24.1 before 24.1R2; 


Junos OS Evolved: 

  *  from 23.2 before 23.2R2-EVO, 
  *  from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO, 
  *  from 24.1 before 24.1R2-EVO.


This issue does not affect Junos OS versions before 23.2R1 or Junos OS Evolved versions before 23.2R1-EVO.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
juniperCNA
6.5 MEDIUM
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
juniperjunos
23.2
juniperjunos
23.2:r1
juniperjunos
23.2:r1-s1
juniperjunos
23.2:r1-s2
juniperjunos
23.4
juniperjunos
23.4:r1
juniperjunos
23.4:r1-s1
juniperjunos
23.4:r2
juniperjunos
24.1
juniperjunos
24.1:r1
juniperjunos_os_evolved
23.2
juniperjunos_os_evolved
23.2:r1
juniperjunos_os_evolved
23.2:r1-s1
juniperjunos_os_evolved
23.2:r1-s2
juniperjunos_os_evolved
23.4
juniperjunos_os_evolved
23.4:r1
juniperjunos_os_evolved
23.4:r1-s1
juniperjunos_os_evolved
23.4:r2
juniperjunos_os_evolved
24.1
juniperjunos_os_evolved
24.1:r1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://kb.juniper.net/JSA106008
https://supportportal.juniper.net/JSA106008