CVE-2026-21913
Published: 15 January 2026
Summary
CVE-2026-21913 is a high-severity Improper Initialization (CWE-665) vulnerability in Juniper Junos. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). It is ranked at the 4.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Ensures shared resources are explicitly initialized or cleared on allocation, preventing exposure of prior contents to new users or processes.
- Mandates that every instance begins in a known (presumably clean) state, eliminating reliance on residual or uninitialized state left by prior executions.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
High-volume traffic exploits the resource-initialization flaw to crash the FXPC process, which maps directly to application or system exploitation for DoS under T1499.004.
NVD Description
An Incorrect Initialization of Resource vulnerability in the Internal Device Manager (IDM) of Juniper Networks Junos OS on EX4000 models allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On EX4000 models with 48 ports (EX4000-48T, EX4000-48P, EX4000-48MP) a high volume of traffic destined to the device will cause an FXPC crash and restart, which leads to a complete service outage until the device has automatically restarted. The following reboot reason can be seen in the output of 'show chassis routing-engine' and as a log message: "reason=0x4000002 reason_string=0x4000002:watchdog + panic with core dump".
This issue affects Junos OS on EX4000-48T, EX4000-48P and EX4000-48MP:
* 24.4 versions before 24.4R2,
* 25.2 versions before 25.2R1-S2, 25.2R2.
This issue does not affect versions before 24.4R1 as the first Junos OS version for the EX4000 models was 24.4R1.
Deeper analysis
CVE-2026-21913 is an Incorrect Initialization of Resource vulnerability (CWE-665) in the Internal Device Manager (IDM) of Juniper Networks Junos OS on EX4000 switch models. It affects the 48-port variants, including EX4000-48T, EX4000-48P, and EX4000-48MP, running Junos OS versions 24.4 prior to 24.4R2 and 25.2 prior to 25.2R1-S2 or 25.2R2. A high volume of traffic destined to the device triggers an FXPC crash and restart, resulting in a complete service outage until the device automatically reboots. The incident is indicated by the reboot reason "0x4000002:watchdog + panic with core dump" in the output of 'show chassis routing-engine' or log messages. The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
An unauthenticated, network-based attacker can exploit this vulnerability by sending a high volume of traffic to the affected device. Successful exploitation causes the FXPC process to crash, leading to a Denial-of-Service (DoS) condition with a full service outage during the restart period.
Juniper's security advisories at https://kb.juniper.net/JSA106014 and https://supportportal.juniper.net/JSA106014 detail the affected versions and provide recommended patches or upgrades to mitigate the issue, such as Junos OS 24.4R2 and later for the 24.4 series, or 25.2R1-S2, 25.2R2, and subsequent releases for the 25.2 series. The first Junos OS release for EX4000 models was 24.4R1, so earlier versions are not impacted.
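A small defender-side helper, added here as an example and not part of the advisory or of any Juniper tooling: it decides whether a Junos version string falls in the affected ranges quoted above and scans log lines for the watchdog-panic reboot reason the advisory names. The version rule encodes only the 24.4 and 25.2 ranges from the NVD text (other trains are reported as not affected), and the sample log lines, hostname and timestamps are constructed.

```python
import re

# Reboot reason quoted in the advisory for this CVE (code and string).
PANIC_REASON_RE = re.compile(
    r"reason=0x4000002\b.*reason_string=0x4000002:watchdog \+ panic with core dump"
)

# First fixed release per affected train, from the NVD description:
# 24.4 -> 24.4R2; 25.2 -> 25.2R1-S2 (25.2R2 is later, so one threshold suffices).
# Tuples are (major, minor, R, S); trains not listed are treated as not affected.
FIRST_FIXED = {(24, 4): (24, 4, 2, 0), (25, 2): (25, 2, 1, 2)}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?$")


def parse_junos_version(text):
    """Parse 'MAJOR.MINORRn[-Sm]' into a comparable tuple; None if unrecognised."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, r, s = m.groups()
    return (int(major), int(minor), int(r), int(s or 0))


def is_affected(version):
    """True if in an affected range, False if fixed or on an unlisted train,
    None if the version string could not be parsed."""
    v = parse_junos_version(version)
    if v is None:
        return None
    threshold = FIRST_FIXED.get(v[:2])
    return v < threshold if threshold else False


def find_watchdog_panics(lines):
    """Return the log lines carrying the reboot reason quoted in the advisory."""
    return [ln for ln in lines if PANIC_REASON_RE.search(ln)]


# Constructed sample syslog lines (hypothetical host and timestamps); only the
# second carries the advisory's reboot reason, the third is a made-up other reason.
SAMPLE_LOG = [
    "Jan 15 10:21:58 ex4000-1 routine status message",
    "Jan 15 10:22:01 ex4000-1 reason=0x4000002 reason_string=0x4000002:watchdog + panic with core dump",
    "Jan 15 10:22:05 ex4000-1 reason=0x1 reason_string=0x1:constructed other reason",
]

if __name__ == "__main__":
    print(find_watchdog_panics(SAMPLE_LOG), is_affected("24.4R1-S3"))
```

Feed it the version from 'show version' and the lines from 'show chassis routing-engine' or syslog to confirm both exposure and whether the described crash has already occurred.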
Details
- CWE(s)