CVE-2026-21904
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk11th percentile - higher than 11% of all known CVEs
Summary
A Cross-site Scripting (XSS) vulnerability was found in Juniper Networks Junos Space in the list filter field. It allows an attacker to inject malicious script tags that, when visited by another user (including an administrator), execute commands with the target's permissions. All versions before 24.1R5 Patch V3 are affected.
Risk Assessment
An attacker can hijack an administrator session, leading to full compromise of the Junos Space system and managed network devices.
Recommendation
Immediately upgrade Junos Space to version 24.1R5 Patch V3 or later. Until the update, restrict management interface access to trusted IP addresses only.
Original NVD description (English source)
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the list filter field that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator. This issue affects all versions of Junos Space before 24.1R5 Patch V3.

