CVE-2026-21916

EUVD-2026-21080
A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which will lead to a complete compromise of the system.

When after a user has performed a specific 'file link ...' CLI operation, another user commits (unrelated configuration changes), the first user can login as root.

This issue affects Junos OS:
  *  all versions before 23.2R2-S7,
  *  23.4 versions before 23.4R2-S6,
  *  24.2 versions before 24.2R2-S3,
  *  24.4 versions before 24.4R2-S2,
  *  25.2 versions before 25.2R2.


This issue does not affect versions 25.4R1 or later.
Symlink
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.3 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Affected Products (NVD)
VendorProductVersion
juniperjunos
𝑥
< 23.2
juniperjunos
23.2
juniperjunos
23.2:r1
juniperjunos
23.2:r1-s1
juniperjunos
23.2:r1-s2
juniperjunos
23.2:r2
juniperjunos
23.2:r2-s1
juniperjunos
23.2:r2-s2
juniperjunos
23.2:r2-s3
juniperjunos
23.2:r2-s4
juniperjunos
23.2:r2-s5
juniperjunos
23.2:r2-s6
juniperjunos
23.4
juniperjunos
23.4:r1
juniperjunos
23.4:r1-s1
juniperjunos
23.4:r1-s2
juniperjunos
23.4:r2
juniperjunos
23.4:r2-s1
juniperjunos
23.4:r2-s2
juniperjunos
23.4:r2-s3
juniperjunos
23.4:r2-s4
juniperjunos
23.4:r2-s5
juniperjunos
24.2
juniperjunos
24.2:r1
juniperjunos
24.2:r1-s1
juniperjunos
24.2:r1-s2
juniperjunos
24.2:r2
juniperjunos
24.2:r2-s1
juniperjunos
24.2:r2-s2
juniperjunos
24.4
juniperjunos
24.4:r1
juniperjunos
24.4:r1-s2
juniperjunos
24.4:r1-s3
juniperjunos
24.4:r2
juniperjunos
24.4:r2-s1
juniperjunos
25.2
juniperjunos
25.2:r1
juniperjunos
25.2:r1-s1
juniperjunos
25.2:r1-s2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://kb.juniper.net/JSA107807