CVE-2026-21909 is a vulnerability classified under CWE-401 (Missing Release of Memory after Effective Lifetime) affecting Juniper Networks Junos OS and Junos OS Evolved routing protocol daemon (rpd). The flaw allows an unauthenticated attacker who controls an adjacent IS-IS neighbor to send specially crafted update packets that cause a memory leak in the rpd process. This leak accumulates over time as the daemon continues to process these packets, eventually exhausting all available memory resources. When memory is depleted, the rpd process crashes, leading to a Denial of Service (DoS) condition that disrupts routing functionality. The vulnerability affects Junos OS versions from 23.2 up to but not including 23.2R2, 23.4 up to but not including 23.4R1-S2 and 23.4R2, and 24.1 up to but not including 24.1R2, as well as corresponding Junos OS Evolved versions. The issue does not require any authentication or user interaction, increasing the risk of exploitation by adjacent network attackers. Operators can monitor memory usage related to this vulnerability using the 'show task memory detail' command to identify abnormal memory growth in the TED-INFRA-COOKIE task. Although no public exploits are known, the vulnerability poses a risk of network outages due to routing daemon crashes. Juniper has released patches in the specified versions to address this issue.

For European organizations, the primary impact of CVE-2026-21909 is the potential for network outages caused by the crashing of the routing protocol daemon (rpd) on Juniper devices running vulnerable Junos OS versions. This can lead to Denial of Service conditions affecting network availability, disrupting critical communications and services. Organizations relying on IS-IS routing protocols in their infrastructure are particularly at risk, as exploitation requires adjacency in the IS-IS neighbor topology. The vulnerability does not compromise confidentiality or integrity but can severely impact operational continuity, especially in service providers, large enterprises, and critical infrastructure sectors. Prolonged DoS conditions could affect business operations, emergency services, and inter-organizational communications. The lack of authentication requirement lowers the barrier for exploitation by malicious actors within the same network segment or via compromised adjacent devices. Monitoring and timely patching are essential to mitigate operational risks.

1. Apply Juniper's official patches for Junos OS and Junos OS Evolved as soon as they become available for the affected versions (23.2, 23.4, 24.1). 2. Restrict IS-IS adjacency to trusted devices only, implementing strict access controls and network segmentation to limit exposure to potentially malicious neighbors. 3. Monitor memory usage of the rpd process regularly using 'show task memory detail' and set up alerts for abnormal memory growth in the TED-INFRA-COOKIE task. 4. Employ network anomaly detection tools to identify unusual IS-IS update packets or traffic patterns indicative of exploitation attempts. 5. Consider deploying rate limiting or filtering on IS-IS protocol packets at network boundaries to reduce the risk of crafted packet floods. 6. Maintain an inventory of Juniper devices and their OS versions to prioritize patch management and vulnerability remediation. 7. Conduct regular security audits and penetration testing focusing on routing protocol security and adjacent device trustworthiness. 8. Implement robust incident response plans to quickly isolate and remediate affected devices in case of exploitation.