Listen to this Post
CVE‑2026‑21910 is a vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS running on EX4k and QFX5k Series platforms. The flaw stems from an improper check for unusual or exceptional conditions when handling link flap events in an EVPN‑VXLAN environment that uses Link Aggregation Groups (LAGs). Under normal operation, when multiple load‑balanced next‑hop routes exist for the same destination, a link flap (interface going up/down) in the LAG should not disrupt traffic forwarding. However, due to the incorrect condition handling, the PFE enters a state where traffic between VXLAN Network Identifiers (VNIs) is dropped permanently. This issue affects only systems that support EVPN‑VXLAN Virtual Port‑Link Aggregation Groups (VPLAG), such as QFX5110, QFX5120, QFX5200, EX4100, EX4300, EX4400, and EX4650. The attack is triggered by an unauthenticated, network‑adjacent attacker who can physically or logically flap an interface. Once the condition is met, the only recovery method is to restart the affected Flexible PIC Concentrator (FPC) using the `request chassis fpc restart slot
DailyCVE Form:
Platform: Juniper Junos OS (EX4k/QFX5k)
Version: <21.4R3‑S12, 22.2.x, 22.4<22.4R3‑S8, 23.2<23.2R2‑S5, 23.4<23.4R2‑S5
Vulnerability: Improper Check for Unusual/Exceptional Conditions
Severity: Medium (CVSS 6.5)
Date: 2026‑01‑15
Prediction: Patch available in fixed releases (21.4R3‑S12, 22.4R3‑S8, 23.2R2‑S5, 23.4R2‑S5, etc.)
What Undercode Say:
Analytics:
- CVSS v3.1 Base Score: 6.5 (Medium)
- CVSS v4.0 Score: 7.1 (High)
- EPSS Percentile: 15%
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Impact: Availability (High)
Bash Commands & Code Snippets:
Check current Junos OS version show version | match "JUNOS" Verify if the system is running an affected release show version detail | match "21.4|22.2|22.4|23.2|23.4" Restart the affected FPC to recover from the DoS condition request chassis fpc restart slot <slot-number> Monitor FPC status show chassis fpc Example script to detect vulnerable version (bash) junos_version=$(show version | grep -oP 'JUNOS \K[0-9]+.[0-9]+') if [[ "$junos_version" =~ ^(21.4|22.2|22.4|23.2|23.4) ]]; then echo "WARNING: System may be vulnerable to CVE-2026-21910" else echo "Version not in known vulnerable range." fi
Exploit:
An attacker with network adjacency (i.e., on the same broadcast domain) can repeatedly flap a physical or logical interface that is part of an EVPN‑VXLAN VPLAG. By toggling the link state up and down, the attacker forces the PFE to mishandle the exceptional condition, causing all inter‑VNI traffic to be dropped. No authentication is required, and the attack does not depend on any specific payload; it is purely a timing and state‑manipulation attack. Once triggered, the DoS persists until an administrator manually restarts the affected FPC.
Protection:
- Upgrade to a fixed Junos OS release: 21.4R3‑S12, 22.4R3‑S8, 23.2R2‑S5, 23.4R2‑S5, or any later version that includes the patch .
- If immediate upgrade is not possible, disable VPLAG or avoid using EVPN‑VXLAN with LAG on the affected platforms.
- Monitor interface flap events and set up alerts for excessive link toggling.
- Restrict physical access to network ports to prevent unauthorized link flapping.
Impact:
Successful exploitation leads to a complete loss of traffic between VXLAN segments on the affected switch, effectively isolating parts of the network. The service disruption is persistent and requires manual intervention (FPC restart) to restore normal operation. There is no confidentiality or integrity impact, but the availability of the network is severely compromised, potentially affecting all dependent services and applications.
🎯Let’s Practice Exploiting & Learn Patching For Free:
🎓 Live Courses & Certifications:
Join Undercode Academy for Verified Certifications
🚀 Request a Custom Project:
Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

