Cyber Resilience

CVE-2026-21916

High

Published: 09 April 2026

Modified: 17 April 2026
CVSS Score (v4): 7.0 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:X)
EPSS Score: 0.0001 (2.7th percentile)
Risk Priority: 14 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-21916 is a high-severity UNIX Symbolic Link (Symlink) Following (CWE-61) vulnerability in Juniper Junos. Its CVSS base score is 7.0 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). Its EPSS score places it at the 2.7th percentile of exploit likelihood (well below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-5 (Security Alerts, Advisories, and Directives).

Deeper analysis

CVE-2026-21916 is a UNIX Symbolic Link (Symlink) Following vulnerability (CWE-61) in the CLI of Juniper Networks Junos OS, with a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). It affects Junos OS all versions before 23.2R2-S7, 23.4 versions before 23.4R2-S6, 24.2 versions before 24.2R2-S3, 24.4 versions before 24.4R2-S2, and 25.2 versions before 25.2R2. Versions 25.4R1 and later are not affected.

A local, authenticated attacker with low privileges can exploit this vulnerability to escalate privileges to root, resulting in complete system compromise. The attack scenario requires one user to perform a specific 'file link ...' CLI operation, after which another user commits unrelated configuration changes; the first user can then log in as root.

The Juniper security advisory at https://kb.juniper.net/JSA107807 details the mitigation, which is to upgrade to a patched release of Junos OS at or above the fixed versions listed above.

Vulnerability details

A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which will lead to a complete compromise of the system. When, after a user has performed a specific 'file link ...' CLI operation, another user commits (unrelated configuration changes), the first user can login as root.

This issue affects Junos OS:
* all versions before 23.2R2-S7,
* 23.4 versions before 23.4R2-S6,
* 24.2 versions before 24.2R2-S3,
* 24.4 versions before 24.4R2-S2,
* 25.2 versions before 25.2R2.

This issue does not affect versions 25.4R1 or later.
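A defender's first question is whether a given device runs an affected release. The following checker, an added example and not part of this advisory or Juniper's tooling, encodes the fixed-release boundaries quoted above and compares a Junos OS version string against them; the version-string format (MAJOR.MINOR R<release>[-S<service>][.<build>]) and the handling of trains the advisory does not name (returning None rather than guessing) are my assumptions.

```python
import re
from typing import Optional, Tuple

# First fixed release per affected train, transcribed from the advisory text on this page.
FIXED_RELEASE = {
    (23, 2): "23.2R2-S7",
    (23, 4): "23.4R2-S6",
    (24, 2): "24.2R2-S3",
    (24, 4): "24.4R2-S2",
    (25, 2): "25.2R2",
}
OLDEST_FIXED_TRAIN = (23, 2)      # "all versions before 23.2R2-S7" covers every older train
FIRST_UNAFFECTED_TRAIN = (25, 4)  # "does not affect versions 25.4R1 or later"

# Assumed Junos OS version syntax: 24.4R2-S2, 25.2R1, 23.4R2-S5.3 (trailing build number ignored).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")


def parse_junos_version(text: str) -> Tuple[int, int, int, int]:
    """Return (major, minor, release, service) so versions compare as tuples."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Junos OS version string: {text!r}")
    major, minor, release, service = m.groups()
    return (int(major), int(minor), int(release), int(service or 0))


def is_affected(version: str) -> Optional[bool]:
    """True if the version is below its train's fixed release, False if fixed,
    None if the train is not named in the advisory (consult JSA107807 directly)."""
    v = parse_junos_version(version)
    train = v[:2]
    if train < OLDEST_FIXED_TRAIN:
        return True
    if train >= FIRST_UNAFFECTED_TRAIN:
        return False
    fixed = FIXED_RELEASE.get(train)
    if fixed is None:
        return None  # assumption: unlisted trains (e.g. 24.1) need a manual check
    return v < parse_junos_version(fixed)


if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    for host, ver in [("edge-1", "23.2R2-S6"), ("edge-2", "24.4R2-S2"), ("lab-1", "24.1R3")]:
        print(host, ver, "affected" if is_affected(ver) else "not affected/unlisted")
```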

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

A symlink-following flaw in the local CLI directly enables a local, authenticated user to escalate privileges to root.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-21590 · Same product: Juniper Junos
CVE-2026-33793 · Same product: Juniper Junos
CVE-2026-21908 · Same product: Juniper Junos
CVE-2026-33785 · Same product: Juniper Junos
CVE-2025-21598 · Same product: Juniper Junos
CVE-2025-60003 · Same product: Juniper Junos
CVE-2024-39564 · Same product: Juniper Junos
CVE-2025-59960 · Same product: Juniper Junos
CVE-2026-33797 · Same product: Juniper Junos
CVE-2026-21913 · Same product: Juniper Junos

Affected Assets

Vendor: juniper · Product: junos · Versions: 23.2, 23.4, 24.2, 24.4, 25.2 · ≤ 23.2

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent): Requires timely patching and upgrading of vulnerable Junos OS versions to remediate the symlink following privilege escalation vulnerability as specified in the Juniper advisory.

SI-5 Security Alerts, Advisories, and Directives (prevent): Ensures receipt and implementation of security advisories like JSA107807 to identify and address the affected Junos OS versions before exploitation.

Least-privilege restriction (prevent): Restricts low-privilege local users from executing the vulnerable 'file link' CLI operation, reducing the attack surface for privilege escalation.
