CVE-2026-21921: CWE-416 Use After Free in Juniper Networks Junos OS
CVE-2026-21921 is a Use After Free vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS and Junos OS Evolved. It allows a network-based attacker with low privileges to cause a denial-of-service (DoS) by triggering crashes in telemetry-capable processes through frequent subscription and unsubscription to sensors. Affected versions include all Junos OS and Junos OS Evolved releases prior to 22.4R3-S8, 23.2R2-S5, and 23.4R2. The vulnerability results in process crashes and restarts, potentially causing complete outages until recovery. The CVSS score is 6.5 (medium severity), reflecting no confidentiality or integrity impact but high availability impact. No known exploits are currently reported in the wild.
AI Analysis
Technical Summary
CVE-2026-21921 is a Use After Free vulnerability classified under CWE-416 found in the chassis daemon (chassisd) component of Juniper Networks Junos OS and Junos OS Evolved. The flaw arises when telemetry collectors frequently subscribe and unsubscribe to sensors over extended periods, causing memory management errors that lead to use-after-free conditions. This triggers crashes in telemetry-capable processes including chassisd, rpd, and mib2d. These crashes cause the affected processes to restart, which, depending on the process, can lead to partial or complete network outages until recovery is complete. The vulnerability requires network access and low-privilege authentication but does not require user interaction. It affects all versions before 22.4R3-S8, 23.2 versions before 23.2R2-S5, and 23.4 versions before 23.4R2 for both Junos OS and Junos OS Evolved. The CVSS v3.1 score is 6.5, indicating a medium severity primarily due to the high impact on availability (denial of service) without affecting confidentiality or integrity. No public exploits have been reported yet, but the vulnerability could be leveraged to disrupt network operations by causing repeated process crashes. Juniper has released patches in the specified fixed versions to address this issue.
Potential Impact
The primary impact of CVE-2026-21921 is denial-of-service caused by crashes and restarts of critical telemetry processes on Juniper network devices. For European organizations, this can translate into network outages, degraded performance, or loss of telemetry data critical for network monitoring and management. Organizations relying heavily on Juniper routers and switches for core networking, especially those using telemetry for real-time monitoring, risk operational disruptions. This can affect ISPs, financial institutions, government agencies, and large enterprises with complex network infrastructures. The downtime caused by process crashes can lead to service interruptions, impacting business continuity and potentially violating regulatory uptime requirements. Since the vulnerability requires only low-privilege authentication, an insider or an attacker holding compromised credentials could trigger the DoS. The lack of confidentiality or integrity impact reduces the risk of data breaches, but availability loss remains a significant concern.
Mitigation Recommendations
1. Upgrade affected Junos OS and Junos OS Evolved devices to the fixed versions: 22.4R3-S8 or later, 23.2R2-S5 or later, and 23.4R2 or later.
2. Limit the frequency of telemetry subscription and unsubscription requests to reduce the risk of triggering the use-after-free condition.
3. Implement strict access controls and monitoring on network management interfaces to prevent unauthorized or low-privilege users from abusing telemetry subscription mechanisms.
4. Monitor telemetry-capable processes (chassisd, rpd, mib2d) for abnormal crashes or restarts and establish alerting to respond quickly to potential exploitation attempts.
5. Employ network segmentation and least privilege principles to restrict access to Juniper device management interfaces.
6. Regularly audit and rotate credentials used for device management to mitigate risks from compromised accounts.
7. Engage with Juniper support and subscribe to security advisories for timely updates and patches.
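The upgrade check in item 1 applied to an inventory, as an added example that is not part of this advisory or of any Juniper tooling: it parses Junos OS / Junos OS Evolved release strings and compares each against the fixed builds the page lists. The release-string pattern and the handling of trains the page does not name (returned as undecided rather than guessed) are assumptions.

```python
import re
from typing import Optional, Tuple

# Fixed builds named in the advisory above, keyed by release train (major, minor).
# Value is (R release, S service release); a plain "R2" is (2, 0).
FIXED_BUILDS = {
    (22, 4): (3, 8),   # 22.4R3-S8
    (23, 2): (2, 5),   # 23.2R2-S5
    (23, 4): (2, 0),   # 23.4R2
}

# Assumed release-string shape: MAJOR.MINOR R<n> [.build] [-S<n>[.build]] [-EVO]
# e.g. "22.4R3-S7", "23.4R2.1", "23.2R2-S5-EVO" (Junos OS Evolved suffix).
VERSION_RE = re.compile(
    r"^(\d+)\.(\d+)R(\d+)(?:\.\d+)?(?:-S(\d+)(?:\.\d+)?)?(?:-EVO)?$"
)


def parse_junos_version(version: str) -> Tuple[int, int, int, int]:
    """Return (major, minor, release, service_release) for a Junos version string."""
    match = VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised Junos version string: {version!r}")
    major, minor, release, service = match.groups()
    return int(major), int(minor), int(release), int(service or 0)


def is_affected(version: str) -> Optional[bool]:
    """True if the build is affected, False if it carries the fix, None when the
    advisory text says nothing about that train (assumption: do not guess)."""
    major, minor, release, service = parse_junos_version(version)
    train = (major, minor)
    if train in FIXED_BUILDS:
        return (release, service) < FIXED_BUILDS[train]
    # "all versions before 22.4R3-S8": every train older than 22.4 is affected.
    if train < min(FIXED_BUILDS):
        return True
    # Trains such as 23.1, 23.3 or 24.x are not named on the page; leave undecided.
    return None


if __name__ == "__main__":
    # Constructed sample inventory, not data from any real device.
    for v in ("21.4R3-S5", "22.4R3-S7", "22.4R3-S8", "23.2R1-EVO", "23.4R2.1", "24.2R1"):
        print(f"{v:>12}: {is_affected(v)}")
```

Feed it the output of `show version` from each device; a `None` result means the train is outside what the advisory text covers and should be checked against Juniper's own advisory.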
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: juniper
- Date Reserved: 2026-01-05T17:32:48.712Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 696951f81ab3796b10539d01
Added to database: 1/15/2026, 8:45:44 PM
Last enriched: 1/22/2026, 9:38:32 PM
Last updated: 2/7/2026, 11:22:22 AM