UNIX symbolic link following in Junos OS - CVE-2026-21916
Published: May 8, 2026
Vulnerability identifier: #VU130687
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-21916
CWE-ID: CWE-61
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Juniper Networks, Inc.
Affected software:
Junos OS
Junos OS
Detailed vulnerability description
The vulnerability allows a local user to escalate privileges to root.
The vulnerability exists due to unix symbolic link following in the CLI when performing a specific 'file link' operation and another user commits unrelated configuration changes. A local user can perform the crafted CLI operation to escalate privileges to root.
User interaction by another user is required to commit unrelated configuration changes after the 'file link' operation.
How to mitigate CVE-2026-21916
Install security update from vendor's website.