CVE-2026-21903

Junos OS: Subscribing to telemetry sensors at scale causes all FPCs to crash

Description

A Stack-based Buffer Overflow vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a network-based attacker, authenticated with low privileges to cause a Denial-of-Service (DoS). Subscribing to telemetry sensors at scale causes all FPC connections to drop, resulting in an FPC crash and restart. The issue was not seen when YANG packages for the specific sensors were installed. This issue affects Junos OS: * all versions before 22.4R3-S7, * 23.2 version before 23.2R2-S4, * 23.4 versions before 23.4R2.

INFO

Published Date :

2026-01-15T20:18:36.767Z

Last Modified :

2026-01-15T21:12:08.631Z

Source :

juniper

AFFECTED PRODUCTS

The following products are affected by CVE-2026-21903 vulnerability.

Vendors	Products
Juniper Networks	Junos Os

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-21903.

URL	Resource
https://kb.juniper.net/JSA106022
https://supportportal.juniper.net/JSA106022

CVSS Vulnerability Scoring System

V4
V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact