The vulnerability is especially dangerous because this model sits in the network core, so attackers could intercept or redirect data, says an expert.

CSO Online offers insights into cybersecurity, risk management, and IT leadership, providing articles, reports, and expert analysis to help security professionals navigate the evolving threat landscape and protect their organizations from cyber attacks. By exploring CSO Online's curated content, CISOs, security managers, and IT executives can learn about threat intelligence, security frameworks, and incident response strategies for building resilient cybersecurity programs. Whether you're defending against ransomware, phishing attacks, or insider threats, CSO Online offers resources to strengthen your security posture and safeguard your digital assets.

CSO Online

A critical unauthenticated remote code execution vulnerability (CVE-2026-21902) has been discovered in Juniper PTX series core routers running Junos OS Evolved versions earlier than 25.4R1-S1-EVO and 25.4R2-EVO. The flaw lies in the On-Box Anomaly detection framework, which is enabled by default and incorrectly exposes a critical resource, allowing attackers to execute code as root and take full device control. Because PTX routers sit at the network core, exploitation could enable traffic interception, redirection, and lateral movement. Juniper found the issue internally and is unaware of active exploitation. Admins should patch immediately, apply ACLs to restrict access, or disable the anomaly detection service via CLI as a temporary workaround.

Security hole could let hackers take over Juniper Networks PTX core routers