CVE-2026-21909

A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated attacker controlling an adjacent IS-IS neighbor to send a specific update packet causing a memory leak.Continued receipt and processing of these packets will exhaust all available memory, crashing rpd and creating a Denial of Service (DoS) condition.

Memory usage can be monitored through the use of the 'show task memory detail' command. For example:

user@junos> show task memory detail | match ted-infra
 TED-INFRA-COOKIE        25    1072     28    1184     229



user@junos> 

show task memory detail | match ted-infra
 TED-INFRA-COOKIE        31    1360     34    1472     307

This issue affects:

Junos OS:

  *  from 23.2 before 23.2R2,
  *  from 23.4 before 23.4R1-S2, 23.4R2,
  *  from 24.1 before 24.1R2;


Junos OS Evolved:

  *  from 23.2 before 23.2R2-EVO,
  *  from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO,
  *  from 24.1 before 24.1R2-EVO.


This issue does not affect Junos OS versions before 23.2R1 or Junos OS Evolved versions before 23.2R1-EVO.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
juniperCNA
6.5 MEDIUM
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://kb.juniper.net/JSA106008
https://supportportal.juniper.net/JSA106008