Cyber Resilience

CVE-2026-21913

Severity: High
Published: 15 January 2026
Modified: 23 January 2026
KEV Added: not listed (not in the CISA KEV catalog)
Patch: available (Juniper advisory JSA106014)
CVSS v4.0 score: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X)
EPSS score: 0.0037 (29.2nd percentile)
Risk Priority: 55 (floored blend, peak EPSS)

Summary

CVE-2026-21913 is a high-severity Improper Initialization (CWE-665) vulnerability in Juniper Junos OS. Its CVSS v4.0 base score is 8.7 (High); the CVSS v3.1 base score is 7.5 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique T1499.004 (Application or System Exploitation, Impact tactic). EPSS ranks it at the 29.2nd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation), i.e. upgrading to a fixed release, and SC-5 (Denial-of-Service Protection).

Deeper analysis

CVE-2026-21913 is an Incorrect Initialization of Resource vulnerability (CWE-665) in the Internal Device Manager (IDM) of Juniper Networks Junos OS on EX4000 switches. It affects only the 48-port variants (EX4000-48T, EX4000-48P and EX4000-48MP) running Junos OS 24.4 before 24.4R2, or 25.2 before 25.2R1-S2 or 25.2R2. A high volume of traffic addressed to the switch itself (host-bound traffic, as opposed to transit traffic) triggers a crash and restart of the FXPC process, which is a complete service outage until the device has automatically rebooted. The incident leaves the reboot reason "0x4000002:watchdog + panic with core dump" in the output of 'show chassis routing-engine' and in the system log. The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), alongside the v4.0 score of 8.7 above.

An unauthenticated, network-based attacker can exploit this vulnerability by sending a high volume of traffic to the affected device; no credentials or user interaction are required (PR:N, UI:N). Successful exploitation crashes the FXPC process, causing a Denial-of-Service (DoS) condition with a full service outage for the duration of the restart. Because the device recovers on its own (the CVSS v4.0 vector records Recovery as Automatic, R:A), an attacker who can sustain the traffic can cause repeated outages.

Juniper's security advisory JSA106014 (https://kb.juniper.net/JSA106014, also at https://supportportal.juniper.net/JSA106014) details the affected versions and the recommended upgrades: Junos OS 24.4R2 and later for the 24.4 series, and 25.2R1-S2, 25.2R2 and later for the 25.2 series. The first Junos OS release for EX4000 models was 24.4R1, so earlier versions are not impacted.


Vulnerability details

An Incorrect Initialization of Resource vulnerability in the Internal Device Manager (IDM) of Juniper Networks Junos OS on EX4000 models allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On EX4000 models with 48 ports (EX4000-48T, EX4000-48P, EX4000-48MP) a high volume of traffic destined to the device will cause an FXPC crash and restart, which leads to a complete service outage until the device has automatically restarted. The following reboot reason can be seen in the output of 'show chassis routing-engine' and as a log message:

reason=0x4000002 reason_string=0x4000002:watchdog + panic with core dump

This issue affects Junos OS on EX4000-48T, EX4000-48P and EX4000-48MP:
* 24.4 versions before 24.4R2,
* 25.2 versions before 25.2R1-S2, 25.2R2.

This issue does not affect versions before 24.4R1 as the first Junos OS version for the EX4000 models was 24.4R1.
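The advisory text above gives two concrete things an operator can check: whether a given model/version pair falls inside the affected ranges, and whether the quoted reboot reason has shown up in 'show chassis routing-engine' output or syslog. The script below is an added example written for this page (it is not Juniper's code and is not part of the advisory) that implements both checks. It assumes Junos version strings of the form major.minorRrelease[-Sservice][.build] and a model string as printed by the chassis inventory; the sample log lines and the process names in them are constructed for illustration. A hit on the watchdog-panic reason is consistent with this issue but not unique to it, so treat it as a prompt to confirm the running version rather than as proof of exploitation.

```python
"""Exposure and crash-indicator check for CVE-2026-21913 (Junos OS, EX4000-48x).

Added example, not Juniper's code. Version thresholds and the reboot-reason
string come from the advisory text; sample log lines are constructed.
"""
import re
from typing import NamedTuple

# Only the 48-port EX4000 models are listed as affected.
AFFECTED_MODELS = {"EX4000-48T", "EX4000-48P", "EX4000-48MP"}

# First fixed release per affected branch. Everything in the branch that sorts
# below the threshold is vulnerable; 25.2R2 sorts above 25.2R1-S2 and is fixed.
FIRST_FIXED = {(24, 4): "24.4R2", (25, 2): "25.2R1-S2"}

# Reboot reason quoted in the advisory ('show chassis routing-engine' / syslog).
CRASH_REASON_RE = re.compile(
    r"reason=0x4000002\b|0x4000002:watchdog \+ panic with core dump"
)

# Assumed version format: 24.4R1, 24.4R1-S3, 25.2R1-S2.4 (trailing .N = build).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.(\d+))?$")


class JunosVersion(NamedTuple):
    major: int
    minor: int
    release: int
    service: int  # 0 when there is no -Sn suffix, so 25.2R1 < 25.2R1-S1
    build: int    # trailing .N build number, 0 if absent


def parse_junos_version(text: str) -> JunosVersion:
    """Parse a Junos version string into a tuple that sorts in release order."""
    m = _VERSION_RE.match(text.strip().upper())
    if not m:
        raise ValueError(f"unrecognised Junos version: {text!r}")
    major, minor, release, service, build = m.groups()
    return JunosVersion(int(major), int(minor), int(release),
                        int(service or 0), int(build or 0))


def is_affected(model: str, version: str) -> bool:
    """True if the model/version pair is inside the advisory's affected ranges."""
    if model.strip().upper() not in AFFECTED_MODELS:
        return False
    v = parse_junos_version(version)
    fixed = FIRST_FIXED.get((v.major, v.minor))
    if fixed is None:
        # Branch not listed by the advisory (EX4000 has no release before 24.4R1).
        return False
    return v < parse_junos_version(fixed)


def find_crash_indicators(lines):
    """Return the lines carrying the advisory's reboot-reason fingerprint."""
    return [ln for ln in lines if CRASH_REASON_RE.search(ln)]


# Constructed sample: one matching line, one benign line, one unrelated reboot.
SAMPLE_LOG = [
    "Jan 16 03:12:45 ex4000-a chassisd[1234]: reboot reason: reason=0x4000002 "
    "reason_string=0x4000002:watchdog + panic with core dump",
    "Jan 16 03:15:02 ex4000-a mgd[5678]: UI_LOGIN_EVENT: User 'admin' login",
    "Jan 17 09:00:11 ex4000-b chassisd[1234]: reboot reason: reason=0x2000 "
    "reason_string=0x2000:power-on",
]

if __name__ == "__main__":
    for model, ver in [("EX4000-48MP", "24.4R1-S3"),
                       ("EX4000-48T", "25.2R1-S2"),
                       ("EX4000-24T", "24.4R1")]:
        print(model, ver, "AFFECTED" if is_affected(model, ver) else "not affected")
    for hit in find_crash_indicators(SAMPLE_LOG):
        print("crash fingerprint:", hit)
```

In practice the model and version come from 'show chassis hardware' and 'show version', and the log lines from 'show log messages' or the syslog collector; the script only needs the strings, so it runs offline against an inventory export. The service-release field is the part people get wrong by hand: 25.2R1-S1 is affected while 25.2R1-S2 is fixed, and the tuple ordering encodes that directly.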

CWE(s)

CWE-665 Improper Initialization

Related Threats

MITRE ATT&CK Enterprise Techniques

T1499.004 Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why this technique?

High-volume traffic triggers the resource-initialization flaw and crashes the FXPC process, which is exactly the application/system exploitation for DoS that T1499.004 describes.

Confidence: HIGH (MITRE ATT&CK Enterprise v19.0)

CVEs Like This One

CVE-2024-39564 (same product: Juniper Junos)
CVE-2025-60003 (same product: Juniper Junos)
CVE-2025-21598 (same product: Juniper Junos)
CVE-2026-21906 (same product: Juniper Junos)
CVE-2026-33790 (same product: Juniper Junos)
CVE-2026-21920 (same product: Juniper Junos)
CVE-2026-21917 (same product: Juniper Junos)
CVE-2026-21914 (same product: Juniper Junos)
CVE-2026-21905 (same product: Juniper Junos)
CVE-2026-21918 (same product: Juniper Junos)

Affected Assets

Vendor: Juniper
Product: Junos OS on EX4000-48T, EX4000-48P and EX4000-48MP
Versions: 24.4 before 24.4R2; 25.2 before 25.2R1-S2, 25.2R2

Mitigating Controls

NIST 800-53 r5 controls

SI-2 Flaw Remediation (prevent)
Directly remediates the incorrect initialization flaw in the Internal Device Manager by ensuring timely application of Juniper's recommended Junos OS upgrades: 24.4R2 or later, or 25.2R1-S2 / 25.2R2 or later.

SC-5 Denial-of-Service Protection (prevent)
Implements denial-of-service protections at network entry points to limit the high-volume traffic floods that trigger the FXPC crash on affected EX4000 models.

SC-7 Boundary Protection (prevent)
Monitors and controls communications at external boundaries to enforce traffic rate limiting and filtering, reducing exposure to unauthenticated network-based DoS attempts.

Rate limiting and filtering reduce exposure but do not remove the flaw, and the advisory text reproduced on this page lists no configuration workaround, so upgrading to a fixed release is the definitive fix.

References

Juniper Networks security advisory JSA106014: https://kb.juniper.net/JSA106014
Juniper Support Portal copy of JSA106014: https://supportportal.juniper.net/JSA106014