CVE-2026-21921: CWE-416 Use After Free in Juniper Networks Junos OS
A Use After Free vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker authenticated with low privileges to cause a Denial-of-Service (DoS). When telemetry collectors are frequently subscribing and unsubscribing to sensors continuously over a long period of time, telemetry-capable processes like chassisd, rpd or mib2d will crash and restart, which - depending on the process - can cause a complete outage until the system has recovered. This issue affects:
Junos OS:
- all versions before 22.4R3-S8,
- 23.2 versions before 23.2R2-S5,
- 23.4 versions before 23.4R2;
Junos OS Evolved:
- all versions before 22.4R3-S8-EVO,
- 23.2 versions before 23.2R2-S5-EVO,
- 23.4 versions before 23.4R2-EVO.
AI Analysis
Technical Summary
CVE-2026-21921 is a Use After Free vulnerability classified under CWE-416, affecting the chassis daemon (chassisd) in Juniper Networks Junos OS and Junos OS Evolved. The flaw arises when telemetry collectors repeatedly subscribe to and unsubscribe from sensors over extended periods, causing memory management errors that lead to process crashes. Specifically, processes responsible for telemetry and network management such as chassisd, rpd (routing protocol daemon), and mib2d (SNMP daemon) may crash and restart. Depending on which process crashes, this can cause partial or complete network outages until the system recovers. The vulnerability requires an attacker to be authenticated with low privileges and to have network access to the affected device. It does not require user interaction and does not impact confidentiality or integrity, but it severely impacts availability. Affected versions include all Junos OS releases before 22.4R3-S8, 23.2 versions before 23.2R2-S5, and 23.4 versions before 23.4R2, as well as the corresponding Junos OS Evolved versions. The vulnerability was published on January 15, 2026, with a CVSS v3.1 score of 6.5, indicating a medium severity level. No public exploits have been reported yet, but the nature of the vulnerability means that persistent telemetry subscription activity could be weaponized to cause denial-of-service conditions on critical network infrastructure.
Potential Impact
For European organizations, this vulnerability poses a significant risk to network availability, particularly for those relying on Juniper Networks devices for telemetry, routing, and network management. Successful exploitation could cause critical network daemons to crash and restart, leading to service outages that disrupt business operations, especially in sectors like telecommunications, finance, and government where network uptime is crucial. The DoS impact could affect data center connectivity, inter-office communications, and cloud service access. Since the vulnerability requires only low-privilege authenticated access, insider threats or compromised low-level accounts could be leveraged to trigger outages. The lack of confidentiality or integrity impact limits data breach risks, but availability disruptions could lead to operational downtime, financial losses, and reputational damage. Organizations with high telemetry subscription rates or automated monitoring systems may be more exposed to accidental triggering as well as to targeted exploitation.
Mitigation Recommendations
European organizations should prioritize upgrading affected Junos OS and Junos OS Evolved devices to the fixed versions: 22.4R3-S8 or later, 23.2R2-S5 or later, and 23.4R2 or later. Until patches are applied, network administrators should monitor telemetry subscription patterns to detect and limit frequent subscribe/unsubscribe activity that could trigger the vulnerability. Implement strict access controls to restrict low-privilege authenticated access to network devices, minimizing the risk of exploitation by unauthorized users. Employ network segmentation and monitoring to detect unusual telemetry traffic patterns indicative of exploitation attempts. Consider temporarily disabling telemetry subscription features if feasible or applying rate limiting on telemetry subscription requests. Regularly audit device logs for crashes or restarts of chassisd, rpd, or mib2d processes to identify early signs of exploitation. Coordinate with Juniper Networks support for guidance and updates. Finally, incorporate this vulnerability into incident response plans to ensure rapid recovery from potential DoS events.
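The log audit recommended above can be automated. The following Python script is an added example, not part of this advisory or of Juniper's own tooling: it scans constructed syslog lines written in the style Junos `init` uses when a daemon terminates and is restarted, and flags any of chassisd, rpd or mib2d crashing repeatedly within a sliding time window. The sample lines, the exact message wording, and the mapping of the init names `chassis-control`, `routing` and `mib-process` to those daemons are assumptions; adjust `CRASH_RE` and `WATCHED` to what your release actually logs.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed init-level process names for the daemons named in the advisory.
# Verify against your own device's logs before relying on this mapping.
WATCHED = {"chassis-control": "chassisd", "routing": "rpd", "mib-process": "mib2d"}

# Assumed message shape; syslog timestamps carry no year, so one is supplied.
CRASH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) init: "
    r"(?P<proc>\S+) \(PID (?P<pid>\d+)\) terminated by signal number (?P<sig>\d+)"
)

# Constructed sample log, not captured from a real device.
SAMPLE_LOG = """\
Jan 15 20:41:02 router1 init: chassis-control (PID 4512) terminated by signal number 11. Core dumped!
Jan 15 20:41:03 router1 init: chassis-control (PID 4780) started
Jan 15 20:52:17 router1 init: chassis-control (PID 4780) terminated by signal number 11. Core dumped!
Jan 15 20:52:18 router1 init: chassis-control (PID 4911) started
Jan 15 21:03:40 router1 init: routing (PID 5120) terminated by signal number 6. Core dumped!
Jan 15 21:03:41 router1 init: routing (PID 5300) started
Jan 15 21:10:05 router1 init: mib-process (PID 6001) terminated by signal number 11. Core dumped!
Jan 15 21:10:06 router1 init: mib-process (PID 6042) started
Jan 15 21:15:00 router1 mgd[7000]: UI_LOGIN_EVENT: User 'ops' login
"""


def parse_crash_events(log_text, year=2026):
    """Return (timestamp, init_name, signal) for each crash of a watched daemon."""
    events = []
    for line in log_text.splitlines():
        m = CRASH_RE.match(line)
        if not m or m.group("proc") not in WATCHED:
            continue
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        events.append((ts, m.group("proc"), int(m.group("sig"))))
    return events


def max_crashes_in_window(events, window_minutes=60):
    """For each daemon, the largest number of crashes seen in any sliding window."""
    by_proc = defaultdict(list)
    for ts, proc, _sig in events:
        by_proc[proc].append(ts)
    window = timedelta(minutes=window_minutes)
    result = {}
    for proc, times in by_proc.items():
        times.sort()
        best, start = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        result[proc] = best
    return result


def repeated_crash_alerts(log_text, window_minutes=60, threshold=2, year=2026):
    """Human-readable alerts for daemons crashing at least `threshold` times in a window."""
    counts = max_crashes_in_window(parse_crash_events(log_text, year), window_minutes)
    return sorted(
        f"{WATCHED[proc]} ({proc}) crashed {n} times within {window_minutes} min"
        for proc, n in counts.items()
        if n >= threshold
    )


if __name__ == "__main__":
    for alert in repeated_crash_alerts(SAMPLE_LOG):
        print(alert)
```

A single crash of rpd or mib2d is worth a ticket on its own, but the repeated-crash pattern for one daemon is the signal that matches this issue, so the threshold is deliberately low. The same sliding-window counter can be pointed at telemetry subscribe/unsubscribe events if your collector or device exposes them, which covers the subscription-rate monitoring the advisory also recommends.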
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: juniper
- Date Reserved: 2026-01-05T17:32:48.712Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 696951f81ab3796b10539d01
Added to database: 1/15/2026, 8:45:44 PM
Last enriched: 1/15/2026, 9:01:06 PM
Last updated: 1/15/2026, 10:43:44 PM