CVE-2026-21913: CWE-1419 Incorrect Initialization of Resource in Juniper Networks Junos OS
CVE-2026-21913 is a high-severity vulnerability in Juniper Networks Junos OS affecting EX4000-48T, EX4000-48P, and EX4000-48MP models. It involves incorrect initialization of resources in the Internal Device Manager (IDM), allowing unauthenticated, network-based attackers to trigger a denial-of-service (DoS) by sending a high volume of traffic. This causes the FXPC component to crash and restart, resulting in a complete service outage until reboot. The issue affects Junos OS versions 24.4 before 24.4R2 and 25.2 before 25.2R1-S2 and 25.2R2. No user interaction or authentication is required, and the attack surface is network-exposed.
AI Analysis
Technical Summary
CVE-2026-21913 is a vulnerability classified under CWE-1419 (Incorrect Initialization of Resource) found in the Internal Device Manager (IDM) of Juniper Networks Junos OS running on EX4000 models with 48 ports (EX4000-48T, EX4000-48P, EX4000-48MP). The flaw arises from improper resource initialization that can be exploited by an unauthenticated attacker remotely over the network. By flooding the device with a high volume of traffic destined for it, the attacker can cause the FXPC (Flexible Packet Processor Component) to crash and subsequently restart. This crash triggers a watchdog panic with a core dump, observable via the 'show chassis routing-engine' command with a reboot reason code 0x4000002. The crash and restart lead to a denial-of-service condition, causing complete service outage until the device finishes rebooting. The vulnerability affects Junos OS versions starting from 24.4 up to but not including 24.4R2, and versions 25.2 prior to 25.2R1-S2 and 25.2R2. Versions before 24.4R1 are not affected as they predate the EX4000 model support. The vulnerability has a CVSS v3.1 base score of 7.5, indicating high severity, with attack vector being network (AV:N), no privileges required (PR:N), no user interaction (UI:N), and impact limited to availability (A:H) without affecting confidentiality or integrity. No public exploits have been reported yet, but the ease of exploitation and impact on availability make this a critical operational risk for affected deployments.
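The affected ranges above can be checked against a device inventory. The following is an added example, not code from Juniper or from this page; the hostnames and inventory entries are constructed, and the parser only accepts standard `NN.NRn[-Sn][.build]` release strings.

```python
import re

# Fixed-release boundaries taken from the advisory text above:
#   24.4 train: fixed in 24.4R2; 25.2 train: fixed in 25.2R1-S2 and 25.2R2
FIXED = {(24, 4): (2, 0), (25, 2): (1, 2)}
AFFECTED_MODELS = {"EX4000-48T", "EX4000-48P", "EX4000-48MP"}

# Matches release strings such as 24.4R1, 24.4R1.9, 25.2R1-S1.4, 25.2R2-S1
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")

def parse_junos_version(text):
    """Return (major, minor, release, service) or None if unrecognised."""
    m = _VERSION.match(text.strip())
    if not m:
        return None
    major, minor, rel, svc = m.groups()
    return int(major), int(minor), int(rel), int(svc or 0)

def is_affected(model, version):
    """True if the model/version pair falls in a range the advisory lists."""
    if model.upper() not in AFFECTED_MODELS:
        return False
    parsed = parse_junos_version(version)
    if parsed is None:
        # Fail loudly instead of silently reporting "not affected".
        raise ValueError(f"unrecognised Junos version: {version!r}")
    train, release = parsed[:2], parsed[2:]
    fixed = FIXED.get(train)
    if fixed is None:
        return False  # train is not listed as affected in the advisory
    # (release, service) below the fix boundary means still vulnerable.
    return release < fixed

# Constructed inventory: (hostname, model, Junos version)
INVENTORY = [
    ("sw-access-01", "EX4000-48T", "24.4R1-S3"),
    ("sw-access-02", "EX4000-48P", "24.4R2"),
    ("sw-access-03", "EX4000-48MP", "25.2R1-S1.4"),
    ("sw-access-04", "EX4000-48MP", "25.2R1-S2"),
    ("sw-access-05", "EX4000-48T", "25.2R2"),
]

def affected_hosts(inventory):
    """Hostnames that still need the upgrade."""
    return [host for host, model, ver in inventory if is_affected(model, ver)]

if __name__ == "__main__":
    print(affected_hosts(INVENTORY))
```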
Potential Impact
For European organizations using Juniper EX4000-48 series switches running vulnerable Junos OS versions, this vulnerability poses a significant risk of network disruption through denial-of-service attacks. The ability for unauthenticated attackers to remotely cause device crashes can lead to prolonged outages of critical network infrastructure, impacting business continuity, especially in sectors relying heavily on stable network connectivity such as finance, telecommunications, healthcare, and government. The outage could disrupt internal communications, data flows, and external connectivity, potentially affecting service level agreements and regulatory compliance. Additionally, the downtime required for device reboot may delay incident response and recovery. Given the network-exposed nature of the vulnerability, attackers could exploit this from outside the organization’s perimeter if devices are reachable, increasing the attack surface. The lack of confidentiality or integrity impact limits data breach risks but availability loss alone can have severe operational and financial consequences.
Mitigation Recommendations
1. Immediate deployment of Juniper-released patches or updates that address this vulnerability is the primary mitigation step. Organizations should verify and upgrade to Junos OS versions 24.4R2, 25.2R1-S2, 25.2R2, or later where the issue is resolved.
2. Implement strict ingress and egress traffic filtering on network segments hosting EX4000 devices to limit exposure to high-volume traffic floods, especially from untrusted or external sources.
3. Use rate limiting and anomaly detection on network traffic to identify and block suspicious traffic patterns that could trigger the FXPC crash.
4. Segment critical network infrastructure to reduce the blast radius of potential attacks and isolate vulnerable devices from public-facing networks.
5. Monitor device logs and chassis routing-engine outputs for reboot reason codes indicating watchdog panics or crashes to detect exploitation attempts early.
6. Establish incident response playbooks specific to network device DoS events to minimize downtime and expedite recovery.
7. Engage with Juniper support for guidance and consider deploying additional redundancy or failover mechanisms to maintain network availability during potential attacks or maintenance.
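For the monitoring step, collected `show chassis routing-engine` output can be scanned for the reboot reason code 0x4000002 named above. This is an added example, not Juniper tooling or code from this page; the sample output is constructed (two-member Virtual Chassis layout assumed, reason text shown as a placeholder).

```python
import re

WATCHDOG_PANIC_CODE = 0x4000002  # reboot reason code quoted in the advisory

# Constructed sample modelled on 'show chassis routing-engine' from a
# two-member Virtual Chassis; the text after each colon is a placeholder.
SAMPLE_OUTPUT = """\
fpc0:
--------------------------------------------------------------------------
Routing Engine status:
    Slot 0:
    Last reboot reason             0x4000002:<reason text>
fpc1:
--------------------------------------------------------------------------
Routing Engine status:
    Slot 0:
    Last reboot reason             0x1:<reason text>
"""

_MEMBER = re.compile(r"^(fpc\d+):\s*$")
_REASON = re.compile(r"^\s*Last reboot reason\s+(0x[0-9a-fA-F]+)")

def reboot_codes(output):
    """Map each member (or 'standalone') to its last reboot reason code."""
    codes, member = {}, "standalone"
    for line in output.splitlines():
        if (m := _MEMBER.match(line)):
            member = m.group(1)          # entering a new member's section
        elif (m := _REASON.match(line)):
            codes[member] = int(m.group(1), 16)
    return codes

def watchdog_panic_members(output):
    """Members whose last reboot matches the advisory's crash signature."""
    return sorted(member for member, code in reboot_codes(output).items()
                  if code == WATCHDOG_PANIC_CODE)

if __name__ == "__main__":
    print(watchdog_panic_members(SAMPLE_OUTPUT))
```

The field records only the most recent reboot, so poll it soon after any unexpected restart; a match is a lead for pulling the core dump, not proof of exploitation.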
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium, Poland, Switzerland
Technical Details
- Data Version: 5.2
- Assigner Short Name: juniper
- Date Reserved: 2026-01-05T17:32:48.710Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 69694e771ab3796b10500157
Added to database: 1/15/2026, 8:30:47 PM
Last enriched: 1/22/2026, 9:38:50 PM
Last updated: 2/7/2026, 2:52:21 PM