{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T14:23:34.560","vulnerabilities":[{"cve":{"id":"CVE-2026-21909","sourceIdentifier":"sirt@juniper.net","published":"2026-01-15T21:16:06.727","lastModified":"2026-01-23T19:40:48.193","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated attacker controlling an adjacent IS-IS neighbor to send a specific update packet causing a memory leak. Continued receipt and processing of these packets will exhaust all available memory, crashing rpd and creating a Denial of Service (DoS) condition.\n\nMemory usage can be monitored through the use of the 'show task memory detail' command. For example:\n\nuser@junos> show task memory detail | match ted-infra\n  TED-INFRA-COOKIE             25     1072       28     1184       229\n\n\n\nuser@junos> \n\nshow task memory detail | match ted-infra\n  TED-INFRA-COOKIE             31     1360       34     1472       307\n\nThis issue affects:\n\nJunos OS: \n\n  *  from 23.2 before 23.2R2, \n  *  from 23.4 before 23.4R1-S2, 23.4R2, \n  *  from 24.1 before 24.1R2; \n\n\nJunos OS Evolved: \n\n  *  from 23.2 before 23.2R2-EVO, \n  *  from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO, \n  *  from 24.1 before 24.1R2-EVO.\n\n\nThis issue does not affect Junos OS versions before 23.2R1 or Junos OS Evolved versions before 23.2R1-EVO."},{"lang":"es","value":"Una vulnerabilidad de Missing Release of Memory after Effective Lifetime en el demonio del protocolo de enrutamiento (rpd) de Juniper Networks Junos OS y Junos OS Evolved permite a un atacante no autenticado que controla un vecino IS-IS adyacente enviar un paquete de actualización específico causando una fuga de memoria. La recepción y el procesamiento continuos de estos paquetes agotarán toda la memoria disponible, bloqueando rpd y creando una condición de denegación de servicio (DoS).\n\nEl uso de la memoria se puede monitorear mediante el uso del comando 'show task memory detail'. Por ejemplo:\n\nuser@junos> show task memory detail | match ted-infra\n  TED-INFRA-COOKIE             25     1072       28     1184       229\n\n\n\nuser@junos> \n\nshow task memory detail | match ted-infra\n  TED-INFRA-COOKIE             31     1360       34     1472       307\n\nEste problema afecta a:\n\nJunos OS:\n\n  *  desde 23.2 anterior a 23.2R2,\n  *  desde 23.4 anterior a 23.4R1-S2, 23.4R2,\n  *  desde 24.1 anterior a 24.1R2;\n\nJunos OS Evolved:\n\n  *  desde 23.2 anterior a 23.2R2-EVO,\n  *  desde 23.4 anterior a 23.4R1-S2-EVO, 23.4R2-EVO,\n  *  desde 24.1 anterior a 24.1R2-EVO.\n\nEste problema no afecta a las versiones de Junos OS anteriores a 23.2R1 ni a las versiones de Junos OS Evolved anteriores a 23.2R1-EVO."}],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:C/RE:M/U:Green","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"AUTOMATIC","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"GREEN"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"sirt@juniper.net","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:-:*:*:*:*:*:*","matchCriteriaId":"1A78CC80-E8B1-4CDA-BB35-A61833657FA7"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r1:*:*:*:*:*:*","matchCriteriaId":"4B3B2FE1-C228-46BE-AC76-70C2687050AE"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r1-s1:*:*:*:*:*:*","matchCriteriaId":"F1B16FF0-900F-4AEE-B670-A537139F6909"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r1-s2:*:*:*:*:*:*","matchCriteriaId":"B227E831-30FF-4BE1-B8B2-31829A5610A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:-:*:*:*:*:*:*","matchCriteriaId":"78481ABC-3620-410D-BC78-334657E0BB75"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r1:*:*:*:*:*:*","matchCriteriaId":"BE8A5BA3-87BD-473A-B229-2AAB2C797005"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r1-s1:*:*:*:*:*:*","matchCriteriaId":"8B74AC3E-8FC9-400A-A176-4F7F21F10756"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2:*:*:*:*:*:*","matchCriteriaId":"175CCB13-76C0-44A4-A71D-41E22B92EB23"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.1:-:*:*:*:*:*:*","matchCriteriaId":"58C99F21-D87E-48FD-85EF-9A5EF6DE53B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.1:r1:*:*:*:*:*:*","matchCriteriaId":"0EA5E5D6-F7B5-46BE-B96D-F64CCEAF08F2"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.2:-:*:*:*:*:*:*","matchCriteriaId":"6DEAA7FD-385F-4221-907E-65ABC16BE4BE"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.2:r1:*:*:*:*:*:*","matchCriteriaId":"DDEC008A-3137-48D1-8ABC-6DB0EFC40E50"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s1:*:*:*:*:*:*","matchCriteriaId":"558D234D-BC50-415F-86D6-8E19D6C3ACE0"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s2:*:*:*:*:*:*","matchCriteriaId":"33F4EEEE-77E9-4973-A770-99E7BA2F05F5"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:-:*:*:*:*:*:*","matchCriteriaId":"9D7F0D73-85EE-4A07-B51B-6BF52ECBA75E"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r1:*:*:*:*:*:*","matchCriteriaId":"FE777A1F-9CD9-426E-AF1C-FBE01EB9A4A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r1-s1:*:*:*:*:*:*","matchCriteriaId":"7147BA60-30A5-4CED-9AAF-F6BEA0528B89"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r2:*:*:*:*:*:*","matchCriteriaId":"FB82B22F-9005-4EF0-A1E3-4261757783D4"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.1:-:*:*:*:*:*:*","matchCriteriaId":"8E41F858-24E8-4986-BED6-BE5151219DEC"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.1:r1:*:*:*:*:*:*","matchCriteriaId":"EE57490C-2800-4456-8293-B54A255CF348"}]}]}],"references":[{"url":"https://kb.juniper.net/JSA106008","source":"sirt@juniper.net","tags":["Vendor Advisory"]},{"url":"https://supportportal.juniper.net/JSA106008","source":"sirt@juniper.net","tags":["Vendor Advisory"]}]}}]}