CVE-2026-21911 is an incorrect calculation vulnerability classified under CWE-682 found in the Layer 2 Control Protocol Daemon (l2cpd) component of Juniper Networks Junos OS Evolved. The flaw arises when an unauthenticated attacker, positioned adjacent to the network, repeatedly flaps the management interface. This triggers a malfunction in the MAC address learning process over label-switched interfaces (LSI), causing the system to cease learning new MAC addresses. Concurrently, the daemon generates a flood of log messages containing detailed error codes such as IFBD_VALIDATE_FAIL_EPOCH_MISMATCH, which leads to excessive CPU consumption. The high CPU usage can degrade device performance and potentially cause denial of service by exhausting processing resources. Affected versions include all releases before 21.4R3-S7-EVO, and multiple subsequent versions up to but not including 23.4R2-EVO. The vulnerability does not require authentication or user interaction but does require network adjacency, meaning the attacker must have access to the same Layer 2 network segment or be able to influence the management interface state. No public exploits are known at this time, but the vulnerability’s characteristics suggest it could be leveraged to disrupt network operations, especially in environments heavily reliant on MPLS and L2 switching. The issue is particularly critical for network infrastructure devices that form the backbone of enterprise and service provider networks.

For European organizations, the impact of CVE-2026-21911 can be significant, especially for those operating large-scale networks using Juniper routers with Junos OS Evolved. The vulnerability can lead to denial of service by halting MAC address learning on label-switched interfaces, which disrupts normal Layer 2 forwarding and can cause traffic blackholing or flooding. The resulting high CPU usage may degrade router performance, impacting network availability and reliability. Critical sectors such as telecommunications, finance, government, and large enterprises that depend on stable MPLS networks could face operational disruptions. Additionally, the flood of log messages may complicate incident response and monitoring efforts. Although no data confidentiality or integrity loss is indicated, the availability impact alone can cause substantial business interruptions and potential regulatory compliance issues under frameworks like NIS2 and GDPR if network outages affect critical services.

1. Apply Juniper’s security patches immediately for all affected Junos OS Evolved versions as soon as they become available. 2. Monitor network management interfaces for unusual flapping activity and investigate any frequent state changes. 3. Implement network segmentation and access controls to limit network adjacency exposure to untrusted devices or users. 4. Enable and tune logging and alerting to detect excessive log generation from l2cpd or abnormal CPU usage on Juniper devices. 5. Employ rate limiting or storm control on management interfaces to reduce the impact of interface flapping. 6. Regularly audit device firmware and software versions to ensure timely patching. 7. Coordinate with network operations teams to prepare incident response plans for potential denial-of-service scenarios affecting MPLS and L2 switching infrastructure.