CVE-2026-21912

CWE-3674 documents4 sources
Severity
6.8MEDIUM
EPSS
0.0%
top 99.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedJan 15

Description

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the method to collect FPC Ethernet firmware statistics of Juniper Networks Junos OS on MX10k Series allows a local, low-privileged attacker executing the 'show system firmware' CLI command to cause an LC480 or LC2101 line card to reset. On MX10k Series systems with LC480 or LC2101 line cards, repeated execution of the 'show system firmware' CLI command can cause the line card to crash and restart. Additionally, some time after

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Affected Packages2 packages

CVEListV5juniper_networks/junos_os21.421.4R3-S9+6
NVDjuniper/junos< 21.2+7

🔴Vulnerability Details

2
CVEList
Junos OS: MX10k Series: 'show system firmware' CLI command may lead to LC480 or LC2101 line card reset2026-01-15
GHSA
GHSA-w5q5-7f2p-x4hm: A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the method to collect FPC Ethernet firmware statistics of Juniper Networks Junos2026-01-15

📋Vendor Advisories

1
Juniper
CVE-2026-21912: A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the method to collect FPC Ethernet firmware statistics of Juniper Networks Junos2026-01-15
CVE-2026-21912 (MEDIUM CVSS 6.8) | A Time-of-check Time-of-use (TOCTOU | cvebase.io