CVE-2026-21912 is a Time-of-check Time-of-use (TOCTOU) race condition vulnerability classified under CWE-367, affecting Juniper Networks Junos OS running on MX10k Series routers equipped with LC480 or LC2101 line cards. The vulnerability arises in the method that collects FPC Ethernet firmware statistics when the 'show system firmware' CLI command is executed. A low-privileged local attacker can exploit this race condition by repeatedly issuing this command, causing the targeted line card to crash and restart. Subsequently, the chassisd process, responsible for chassis management, may also crash and restart, generating core dumps. This leads to a denial of service (DoS) condition affecting network availability. The vulnerability affects multiple Junos OS versions prior to patched releases: all versions before 21.2R3-S10, from 21.4 before 21.4R3-S9, from 22.2 before 22.2R3-S7, from 22.4 before 22.4R3-S6, from 23.2 before 23.2R2-S2, from 23.4 before 23.4R2-S3, and from 24.2 before 24.2R2. Exploitation requires local access with low privileges and no user interaction, limiting the attack surface but still posing a risk in environments where untrusted users have CLI access. The CVSS v3.1 base score is 5.5, indicating medium severity, with the vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, meaning local attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, no confidentiality or integrity impact, but high impact on availability. No known exploits have been reported in the wild as of the publication date. The vulnerability can disrupt critical network infrastructure by causing line card resets and management process crashes, potentially impacting network stability and uptime.

For European organizations, especially those operating large-scale network infrastructures or ISPs using Juniper MX10k Series routers with LC480 or LC2101 line cards, this vulnerability poses a risk of denial of service through line card resets and management process crashes. Such disruptions can lead to network outages, degraded service quality, and potential cascading failures in critical communication networks. Enterprises relying on these devices for backbone routing or data center interconnects may experience operational interruptions, impacting business continuity and service level agreements. The requirement for local access limits remote exploitation risk; however, insider threats or compromised administrative workstations could leverage this vulnerability. Additionally, the generation of core dumps may expose sensitive debugging information if not properly secured. The impact is primarily on availability, with no direct confidentiality or integrity compromise, but the operational consequences can be significant in high-dependency environments.

European organizations should prioritize upgrading affected Junos OS versions to the fixed releases specified by Juniper Networks, ensuring all MX10k Series routers with LC480 or LC2101 line cards are patched promptly. Restrict CLI access to trusted and authenticated administrators only, employing strong access controls and network segmentation to limit local access vectors. Implement monitoring and alerting for unusual CLI command usage patterns, particularly repeated 'show system firmware' commands, to detect potential exploitation attempts. Regularly audit user privileges and session activities on network devices to identify unauthorized or anomalous behavior. Employ role-based access control (RBAC) to minimize the number of users with permissions to execute sensitive commands. Additionally, secure core dump files generated by chassisd to prevent leakage of sensitive information. Maintain up-to-date incident response plans to quickly address any service disruptions caused by exploitation attempts. Finally, coordinate with Juniper Networks support for guidance and apply any additional recommended security configurations.