
CVE-2026-21909: CWE-401 Missing Release of Memory after Effective Lifetime in Juniper Networks Junos OS

Severity: Medium
Published: Thu Jan 15 2026 (01/15/2026, 20:22:44 UTC)
Source: CVE Database V5
Vendor/Project: Juniper Networks
Product: Junos OS

Description

CVE-2026-21909 is a medium-severity vulnerability in Juniper Networks Junos OS and Junos OS Evolved affecting versions 23.2, 23.4, and 24.1 before certain patches. It involves a missing release of memory after its effective lifetime in the routing protocol daemon (rpd), specifically triggered by an unauthenticated attacker controlling an adjacent IS-IS neighbor sending crafted update packets. This causes a memory leak that can exhaust system memory, leading to a crash of the rpd process and a denial of service (DoS). No confidentiality or integrity impact is reported, and exploitation does not require authentication or user interaction but does require adjacency in the IS-IS network. Monitoring memory usage via 'show task memory detail' can help detect exploitation attempts. No known exploits are currently in the wild. European organizations relying on Juniper routing infrastructure with IS-IS enabled are at risk, especially in countries with critical network infrastructure and high Juniper market penetration.

AI-Powered Analysis

Last updated: 01/22/2026, 21:37:06 UTC

Technical Analysis

CVE-2026-21909 is a vulnerability classified under CWE-401 (Missing Release of Memory after Effective Lifetime) affecting the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved. The flaw exists in the handling of IS-IS routing protocol update packets. An unauthenticated attacker who controls an adjacent IS-IS neighbor can send specially crafted update packets that cause the rpd process to leak memory continuously. Over time, this memory leak exhausts all available memory, causing the rpd process to crash and resulting in a denial of service (DoS) condition on the affected device. The vulnerability affects Junos OS versions from 23.2 before 23.2R2, from 23.4 before 23.4R1-S2 and 23.4R2, and from 24.1 before 24.1R2, as well as corresponding Junos OS Evolved versions. The vulnerability does not impact versions prior to 23.2R1. The attack vector requires adjacency in the IS-IS network but no authentication or user interaction, making it moderately easy to exploit in environments where an attacker can establish IS-IS adjacency. Memory usage can be monitored using the 'show task memory detail' command to detect abnormal increases in memory consumption related to the TED-INFRA-COOKIE task. No known public exploits exist yet, but the vulnerability poses a risk of network disruption due to DoS. The CVSS v3.1 score is 6.5 (medium), reflecting the lack of confidentiality or integrity impact but significant availability impact and ease of exploitation given adjacency. The provided data does not link to Juniper patches, but the fixed versions are indicated, so patching is expected to be available or forthcoming.

Potential Impact

For European organizations, especially those operating critical network infrastructure or large enterprise networks using Juniper routing devices with IS-IS enabled, this vulnerability can cause significant disruption. The DoS condition resulting from rpd crashes can lead to routing outages, network instability, and potential loss of connectivity affecting business operations and services. Telecommunications providers, data centers, and large enterprises relying on Juniper Junos OS for core or edge routing are particularly at risk. The requirement for adjacency in the IS-IS network limits the attack surface to internal or trusted network segments, but insider threats or compromised adjacent devices could exploit this vulnerability. The absence of confidentiality or integrity impact reduces risk of data breach but availability impact can cause operational downtime and financial loss. Given the widespread use of Juniper devices in European telecom and enterprise sectors, the potential for service disruption is notable. Countries with advanced network infrastructure and high Juniper deployment, such as Germany, France, the UK, and the Netherlands, may face higher exposure. The vulnerability also poses risks to national critical infrastructure networks that rely on Juniper routing platforms.

Mitigation Recommendations

1. Apply vendor patches promptly once they become available for affected Junos OS and Junos OS Evolved versions (23.2, 23.4, 24.1 branches).
2. Monitor memory usage on Juniper devices using 'show task memory detail' focusing on TED-INFRA-COOKIE or related tasks to detect abnormal memory growth indicative of exploitation attempts.
3. Restrict IS-IS adjacency to trusted devices only; implement strict network segmentation and access controls to limit which devices can form IS-IS neighbor relationships.
4. Employ network monitoring and anomaly detection tools to identify unusual IS-IS update packet patterns or traffic spikes that may signal attack attempts.
5. Regularly audit network topology and routing protocol configurations to ensure no unauthorized devices can establish IS-IS adjacency.
6. Consider disabling IS-IS on interfaces where it is not required to reduce attack surface.
7. Maintain up-to-date inventory of Juniper devices and their software versions to prioritize patching and risk assessment.
8. Engage with Juniper support and security advisories for updates and recommended best practices.

These steps go beyond generic advice by focusing on protocol adjacency controls, active memory monitoring, and network segmentation tailored to the nature of this vulnerability.
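To support the inventory step above, the following added example (not Juniper's or this site's code) classifies device version strings against the affected ranges given in the Technical Analysis. The version-string layout, the status labels and the inventory are assumptions made for illustration; the check is version-only and does not look at whether IS-IS is enabled on the device.

```python
import re

# First fixed (release, service) level per train, taken from this page.
# 23.4 is fixed in both 23.4R1-S2 and 23.4R2; (1, 2) is the lower bound of the two.
FIRST_FIXED = {(23, 2): (2, 0), (23, 4): (1, 2), (24, 1): (2, 0)}
FIRST_AFFECTED_TRAIN = (23, 2)  # page: versions prior to 23.2R1 are not impacted

# Assumed layout: <major>.<minor>R<release>[-S<service>][.<build>][-EVO]
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?(?:-EVO)?$", re.I)


def parse(version):
    """Return ((major, minor), (release, service)) or raise ValueError."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version: {version!r}")
    major, minor, release, service = (int(g) if g else 0 for g in m.groups())
    return (major, minor), (release, service)


def classify(version):
    """Map one version string to a status for CVE-2026-21909."""
    train, level = parse(version)
    if train < FIRST_AFFECTED_TRAIN:
        return "not-affected"
    if train not in FIRST_FIXED:
        return "not-listed"  # the page gives no fixed release for this train
    return "affected" if level < FIRST_FIXED[train] else "fixed"


def triage(inventory):
    """Classify every host; unparseable strings are flagged for manual review."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = classify(version)
        except ValueError:
            result[host] = "unparsed"
    return result


# Constructed inventory: hostnames and versions are illustrative only.
INVENTORY = {
    "core-1": "23.2R1-S2.5", "core-2": "23.4R1-S2.3", "edge-1": "24.1R1.17-EVO",
    "edge-2": "22.4R3-S4", "lab-1": "24.2R1", "lab-2": "21.4X1",
}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host:8} {INVENTORY[host]:16} {status}")
```

Hosts reported as "not-listed" or "unparsed" need a manual check against the vendor advisory, since this page gives no fixed release for those trains.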


Technical Details

Data Version: 5.2
Assigner Short Name: juniper
Date Reserved: 2026-01-05T17:32:48.710Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 69694e771ab3796b10500147

Added to database: 1/15/2026, 8:30:47 PM

Last enriched: 1/22/2026, 9:37:06 PM

Last updated: 2/7/2026, 7:29:41 AM
