
CVE-2026-21903: CWE-121 Stack-based Buffer Overflow in Juniper Networks Junos OS

Severity: Medium
Tags: Vulnerability, CVE-2026-21903, CWE-121
Published: Thu Jan 15 2026 (01/15/2026, 20:18:36 UTC)
Source: CVE Database V5
Vendor/Project: Juniper Networks
Product: Junos OS

Description

CVE-2026-21903 is a stack-based buffer overflow vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS. It allows a network-based attacker with low privileges and no user interaction to cause a denial of service (DoS) by crashing and restarting the Flexible PIC Concentrator (FPC) through subscribing to telemetry sensors at scale. The vulnerability affects all versions of Junos OS before 22.4R3-S7, 23.2 versions before 23.2R2-S4, and 23.4 versions before 23.4R2. The issue does not occur if the YANG packages for the specific sensors are installed. The CVSS 3.

AI-Powered Analysis

Last updated: 01/22/2026, 21:34:36 UTC

Technical Analysis

CVE-2026-21903 is a stack-based buffer overflow (CWE-121) in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS. The PFE performs high-speed packet forwarding in Juniper routers and switches; the PFEs live on the Flexible PIC Concentrators (FPCs), the line cards. The overflow is triggered when an authenticated attacker holding only low privileges subscribes to telemetry sensors at scale: the affected FPC crashes and restarts, and every connection it carries is dropped until it comes back up. The result is a denial of service (DoS), since forwarding through that FPC stops for the duration of the restart, and nothing in the description prevents the subscription from being repeated. Affected releases are all Junos OS versions before 22.4R3-S7, 23.2 versions before 23.2R2-S4, and 23.4 versions before 23.4R2. The issue does not occur when the YANG packages for the specific sensors are installed, which suggests that the faulty code path is the one that services a subscription for a sensor whose schema package is absent. The CVSS 3.1 base score of 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) reflects a remote, low-complexity attack that requires low privileges and no user interaction, with a high impact on availability and none on confidentiality or integrity; the vector claims availability impact only, not code execution. No public exploit has been reported, but because the trigger is the volume of subscriptions rather than a single crafted request, any principal permitted to open telemetry subscriptions is a potential source, and the vulnerability is a real risk to network stability in environments that rely on Juniper devices for critical infrastructure.

Potential Impact

For European organizations this vulnerability is primarily an availability risk, most acute for enterprises, service providers and critical-infrastructure operators running affected Junos OS releases. Successful exploitation crashes and restarts an FPC, causing an outage or degraded forwarding on every interface that card serves and interrupting business continuity and service delivery for as long as the restart takes. Organizations that depend on streaming telemetry for network monitoring may also lose visibility during an attack, because the telemetry subsystem is the attack path itself. Since only low privileges are needed, any account that can open telemetry subscriptions, including a compromised monitoring or collector account or an insider, is enough to trigger it; the requirement for credentials is a barrier, but a low one. Confidentiality and integrity are not directly affected, yet the loss of availability can disrupt operational processes and the incident response capabilities that depend on the affected devices. Given Juniper's strong presence in European telecom and enterprise networks, large deployments in finance, government, healthcare and telecommunications could be affected.

Mitigation Recommendations

European organizations should prioritize upgrading Junos OS to the fixed releases the advisory names: 22.4R3-S7 or later, 23.2R2-S4 or later, and 23.4R2 or later. Until the upgrade is done, installing the YANG packages for the telemetry sensors in use removes the trigger and serves as a temporary mitigation. Restrict and monitor access to the interfaces through which sensors are subscribed (on Junos, the Junos Telemetry Interface, typically reached over gRPC/gNMI), and enforce strict authentication and authorization so that only the collectors that need to subscribe can do so; a low-privileged account is sufficient to trigger the fault, so review which login classes and service accounts are allowed to open subscriptions. Segment management and telemetry interfaces from untrusted networks with firewall filters and access controls. Monitor for unusual telemetry subscription activity (bursts of subscriptions, subscriptions from unexpected sources) and for unexpected FPC restarts, which together are the observable signature of an exploitation attempt. Review telemetry configurations and collector settings to avoid large-scale sensor subscriptions that could themselves trigger the fault. Finally, incident response plans should include procedures for rapid recovery from FPC crashes to minimize downtime.
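As an added example (not from the page, the advisory, or Juniper), the following Python script turns the affected-version ranges quoted in the Technical Analysis and the fixed releases above into a fleet triage check. The version grammar it accepts (MAJOR.MINOR R<release>[-S<service>[.<build>]], for example 22.4R3-S6.1) and the sample inventory are assumptions; version strings it cannot model are flagged for manual review rather than guessed at.

```python
"""Triage Junos OS versions against the CVE-2026-21903 affected ranges.

Added example, not from the page or from Juniper. The ranges below are the
ones the page lists. The version grammar handled here is an assumption:
MAJOR.MINOR R<release>[-S<service>[.<build>]] (e.g. 22.4R3-S6.1).
Anything else (X releases, -EVO suffixes) is rejected rather than guessed.
"""
import re
from typing import Dict, Iterable, NamedTuple, Optional, Tuple

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+)(?:\.(\d+))?)?$")


class JunosVersion(NamedTuple):
    major: int
    minor: int
    release: int   # the R number
    service: int   # the -S number; 0 when absent, so 23.4R2 sorts before 23.4R2-S1
    build: int     # trailing .N; 0 when absent


def parse_version(text: str) -> JunosVersion:
    """Parse e.g. '23.4R1-S2.3'; raise ValueError for forms this model does not cover."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version string: {text!r}")
    major, minor, release, service, build = m.groups()
    return JunosVersion(int(major), int(minor), int(release),
                        int(service or 0), int(build or 0))


# (train, first fixed version), taken from the page's affected-version list.
# train=None means "all versions before", i.e. every earlier train as well.
AFFECTED_RANGES: Tuple[Tuple[Optional[Tuple[int, int]], str], ...] = (
    (None, "22.4R3-S7"),
    ((23, 2), "23.2R2-S4"),
    ((23, 4), "23.4R2"),
)


def is_affected(text: str) -> bool:
    """True when the version falls inside one of the listed ranges.

    Trains the page does not list (e.g. 23.1, 24.x) return False here; that
    means "not in the listed ranges", not "confirmed safe".
    """
    v = parse_version(text)
    for train, fixed in AFFECTED_RANGES:
        f = parse_version(fixed)
        if train is None or (v.major, v.minor) == train:
            if v < f:   # NamedTuple compares field by field, left to right
                return True
    return False


def assess(text: str, sensor_yang_installed: bool = False) -> str:
    """One-line triage verdict for a single device."""
    if not is_affected(text):
        return "not in listed affected ranges"
    if sensor_yang_installed:
        # The page states the issue does not occur when the YANG packages for
        # the sensors are installed: treat as mitigated, still schedule the upgrade.
        return "affected version, workaround present (sensor YANG packages): upgrade when possible"
    return "affected: upgrade to fixed release"


def triage(inventory: Iterable[Tuple[str, str, bool]]) -> Dict[str, str]:
    """inventory rows are (hostname, version string, yang_installed); returns host -> verdict."""
    results: Dict[str, str] = {}
    for host, version, yang in inventory:
        try:
            results[host] = assess(version, yang)
        except ValueError as exc:
            results[host] = f"manual check: {exc}"
    return results


if __name__ == "__main__":
    # Constructed sample inventory: hypothetical hostnames and versions.
    sample = [
        ("pe1", "22.4R3-S6.1", False),
        ("pe2", "22.4R3-S7", False),
        ("agg1", "23.2R2-S3", True),
        ("agg2", "23.4R1-S2", False),
        ("core1", "23.4R2", False),
        ("lab1", "23.4R2-EVO", False),
    ]
    for host, verdict in triage(sample).items():
        print(f"{host:6} {verdict}")
```

Trains the page does not list come back as "not in listed affected ranges", which is not the same as confirmed safe; check those against the vendor advisory. The YANG-package workaround is reported as present only when the inventory row says so for that device, because it is a per-device state, not something a version string can tell you.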


Technical Details

Data Version: 5.2
Assigner Short Name: juniper
Date Reserved: 2026-01-05T17:32:48.709Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 69694e761ab3796b10500106

Added to database: 1/15/2026, 8:30:46 PM

Last enriched: 1/22/2026, 9:34:36 PM

Last updated: 2/5/2026, 3:21:02 PM