CVE-2026-21919

CWE-821 | 4 documents | 4 sources
Severity
7.1 HIGH
EPSS
0.0%
top 89.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 9
Latest update: Apr 10

Description

An Incorrect Synchronization vulnerability in the management daemon (mgd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker with low privileges to cause a complete Denial-of-Service (DoS) of the management plane. When NETCONF sessions are quickly established and disconnected, a locking issue causes mgd processes to hang in an unusable state. When the maximum number of mgd processes has been reached, no new logins are possible. This leads to the inability to manag

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages (2 packages)

CVEListV5 | juniper_networks/junos_os_evolved | 23.4 | 23.4R2-S5-EVO | +2
CVEListV5 | juniper_networks/junos_os | 23.4 | 23.4R2-S4 | +2

Vulnerability Details (3)

VulDB (2026-04-10): Juniper Junos OS/Junos OS Evolved Management Daemon incorrect synchronization (JSA106019)
GHSA (2026-04-10): GHSA-qv89-vxpv-h7vc: An Incorrect Synchronization vulnerability in the management daemon (mgd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based att
CVEList (2026-04-09): Junos OS and Junos OS Evolved: A high frequency of connecting and disconnecting NETCONF sessions causes management unavailability
CVE-2026-21919 (HIGH CVSS 7.1) | An Incorrect Synchronization vulner | cvebase.io