Junos OS mgd Null Pointer Deref Before 22.4R3-S10 Causes DoS
CVE-2026-21901 Published on July 9, 2026
Junos OS and Junos OS Evolved: Configuration of a specific SSH option results in mgd crash
A NULL Pointer Dereference vulnerability in the management daemon (mgd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker setting or deactivating a specific SSH configuration parameter to create a Denial of Service (DoS).
A local high-privileged user configuring or deactivating a specific 'system services ssh' configuration parameter can exploit a null pointer dereference in one of the functions used by SSH. The function attempts to dereference a null pointer when accessing certain configuration data, resulting in an mgd process crash and restart. Continued execution of these configuration commands will create a sustained Denial of Service (DoS) condition.
This issue affects:
Junos OS:
* from 22.3 before 22.3R3-S5;
* from 22.4 before 22.4R3-S10;
* from 23.2 before 23.2R2-S7;
* from 23.4 before 23.4R2-S8.
This issue does not affect Junos OS before 22.3R1.
Junos OS Evolved:
* from 22.3R1-EVO before 23.2R2-S7-EVO;
* from 23.4 before 23.4R2-S8-EVO.
This issue does not affect Junos OS Evolved before 22.3R1-EVO.
Vulnerability Analysis
CVE-2026-21901 can be exploited with local system access, and requires user privileges. This vulnerability is considered to have a low attack complexity. Public availability of a proof of concept (POC) exploit exists for CVE-2026-21901. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. NULL pointer dereference issues can occur through a number of flaws, including race conditions, and simple programming omissions.
Products Associated with CVE-2026-21901
stack.watch emails you whenever new vulnerabilities are published in Juniper Networks Junos or Juniper Networks Junos Os Evolved. Just hit a watch button to start following.
Affected Versions
Juniper Networks Junos OS:- Version 22.3 and below 22.3R3-S5 is affected.
- Version 22.4 and below 22.4R3-S10 is affected.
- Version 23.2 and below 23.2R2-S7 is affected.
- Version 23.4 and below 23.4R2-S8 is affected.
- Before 22.3R1 is unaffected.
- Version 23.2 and below 23.2R2-S7-EVO is affected.
- Version 23.4 and below 23.4R2-S8-EVO is affected.
- Before 22.3R1-EVO is unaffected.