CVE-2026-21913
Published: 15 January 2026
Summary
CVE-2026-21913 is a high-severity Improper Initialization (CWE-665) vulnerability in Juniper Junos. Its CVSS base score is 8.7 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 29.2nd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-21913 is an Incorrect Initialization of Resource vulnerability (CWE-665) in the Internal Device Manager (IDM) of Juniper Networks Junos OS on EX4000 switch models. It affects the 48-port variants, including EX4000-48T, EX4000-48P, and EX4000-48MP, running Junos OS versions 24.4 prior to 24.4R2 and 25.2 prior to 25.2R1-S2 or 25.2R2. A high volume of traffic destined to the device triggers an FXPC crash and restart, resulting in a complete service outage until the device automatically reboots. The incident is indicated by the reboot reason "0x4000002:watchdog + panic with core dump" in the output of 'show chassis routing-engine' or log messages. The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
An unauthenticated, network-based attacker can exploit this vulnerability by sending a high volume of traffic to the affected device. Successful exploitation causes the FXPC process to crash, leading to a Denial-of-Service (DoS) condition with a full service outage during the restart period.
Juniper's security advisories at https://kb.juniper.net/JSA106014 and https://supportportal.juniper.net/JSA106014 detail the affected versions and provide recommended patches or upgrades to mitigate the issue, such as Junos OS 24.4R2 and later for the 24.4 series, or 25.2R1-S2, 25.2R2, and subsequent releases for the 25.2 series. The first Junos OS release for EX4000 models was 24.4R1, so earlier versions are not impacted.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-2688
Vulnerability details
An Incorrect Initialization of Resource vulnerability in the Internal Device Manager (IDM) of Juniper Networks Junos OS on EX4000 models allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On EX4000 models with 48 ports (EX4000-48T, EX4000-48P, EX4000-48MP) a high volume of traffic destined to the device will cause an FXPC crash and restart, which leads to a complete service outage until the device has automatically restarted. The following reboot reason can be seen in the output of 'show chassis routing-engine' and as a log message:

reason=0x4000002 reason_string=0x4000002:watchdog + panic with core dump

This issue affects Junos OS on EX4000-48T, EX4000-48P and EX4000-48MP:
- 24.4 versions before 24.4R2,
- 25.2 versions before 25.2R1-S2, 25.2R2.

This issue does not affect versions before 24.4R1 as the first Junos OS version for the EX4000 models was 24.4R1.
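The advisory gives defenders two concrete handles: the affected model/version ranges and the exact reboot-reason string. The script below is an added example (not Juniper's code and not part of the advisory) that checks an inventory entry against those ranges, using the Junos `main.minor R<n>[-S<m>]` version ordering, and flags the reboot reason in constructed log and `show chassis routing-engine` sample lines; the model names, version strings and sample lines are assumptions built from the text above.

```python
import re

AFFECTED_MODELS = {"EX4000-48T", "EX4000-48P", "EX4000-48MP"}

# Earliest fixed release per affected train, from the advisory:
# 24.4 before 24.4R2; 25.2 before 25.2R1-S2 (25.2R2 sorts after R1-S2, so it is covered).
FIXED_IN = {(24, 4): "24.4R2", (25, 2): "25.2R1-S2"}

# Reboot-reason string quoted in the advisory; matches both the syslog form
# ("reason_string=0x4000002:...") and the 'show chassis routing-engine' form.
WATCHDOG_PANIC = re.compile(r"0x4000002:watchdog \+ panic with core dump")

# Constructed sample lines (not a real capture), modelled on the advisory text.
SAMPLE_LINES = [
    "Jan 15 10:02:11 ex4000 chassisd: reason=0x4000002 reason_string=0x4000002:watchdog + panic with core dump",
    "Jan 15 10:05:00 ex4000 mgd[1234]: UI_LOGIN_EVENT: User 'admin' login",
    "    Last reboot reason      0x4000002:watchdog + panic with core dump",
]


def parse_junos_version(version):
    """'25.2R1-S2' -> (25, 2, 1, 2); the R and -S numbers default to 0 when absent.

    Only the main.minor R<n>[-S<m>] form is handled (an optional trailing build
    suffix such as '.3' is ignored); anything else raises ValueError.
    """
    m = re.fullmatch(r"(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?", version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version: {version!r}")
    return tuple(int(g) if g else 0 for g in m.groups())


def is_affected(model, version):
    """True if this model/version pair falls inside the advisory's affected ranges."""
    if model.upper() not in AFFECTED_MODELS:
        return False  # only the 48-port EX4000 variants are listed
    ver = parse_junos_version(version)
    train = ver[:2]
    if train not in FIXED_IN:
        return False  # trains not listed; EX4000 first shipped on 24.4R1
    return ver < parse_junos_version(FIXED_IN[train])


def watchdog_panic_lines(lines):
    """Lines carrying the advisory's reboot reason (a crash indicator, not proof of attack)."""
    return [line for line in lines if WATCHDOG_PANIC.search(line)]


if __name__ == "__main__":
    for model, ver in [("EX4000-48T", "24.4R1-S3"), ("EX4000-48P", "25.2R2")]:
        print(model, ver, "affected" if is_affected(model, ver) else "not affected")
    for hit in watchdog_panic_lines(SAMPLE_LINES):
        print("reboot reason match:", hit.strip())
```

A match on the reboot reason only tells you the FXPC watchdog panic occurred; correlate it with interface traffic counters around the reboot time before attributing it to this CVE.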
- CWE(s): CWE-665 (Improper Initialization)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A high-volume traffic flood triggers the resource initialization flaw and crashes the FXPC process, which maps directly to Application or System Exploitation (T1499.004) as the means of achieving the DoS.
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly remediates the incorrect initialization flaw in the Internal Device Manager by ensuring timely application of Juniper's recommended Junos OS patches, such as 24.4R2 or 25.2R1-S2.
- SC-5 (Denial-of-service Protection): implements denial-of-service protections at network entry points to block the high-volume traffic floods that trigger the FXPC crash on affected EX4000 models.
- SC-7 (Boundary Protection): monitors and controls communications at external boundaries to enforce traffic rate limiting and filtering, mitigating unauthenticated network-based DoS attempts.