CVE-2026-21916

CWE-61 | 4 documents | 4 sources
Severity
7.0 HIGH
EPSS
0.0%
top 98.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 9
Latest update: Apr 10

Description

A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root, leading to a complete compromise of the system. When, after a user has performed a specific 'file link ...' CLI operation, another user commits (unrelated configuration changes), the first user can log in as root. This issue affects Junos OS: * all versions before 23.2R2-S7, * 23.4 versions before 23

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L

Affected Packages: 1 package

CVEListV5 | juniper_networks/junos_os | 23.4 | 23.4R2-S6 | +4

Vulnerability Details (3)

GHSA, 2026-04-10
GHSA-x5g9-73r3-vh5h: A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privile

VulDB, 2026-04-10
Juniper Junos OS up to 25.4R0 symlink (JSA107807)

CVEList, 2026-04-09
Junos OS: A low privileged user can escalate their privileges so that they can login as root