CVE Catalog

CVE-2026-21904

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

11th percentile - higher than 11% of all known CVEs

Summary

A Cross-site Scripting (XSS) vulnerability was found in Juniper Networks Junos Space in the list filter field. It allows an attacker to inject malicious script tags that, when visited by another user (including an administrator), execute commands with the target's permissions. All versions before 24.1R5 Patch V3 are affected.

Risk Assessment

An attacker can hijack an administrator session, leading to full compromise of the Junos Space system and managed network devices.

Recommendation

Immediately upgrade Junos Space to version 24.1R5 Patch V3 or later. Until the update, restrict management interface access to trusted IP addresses only.

Original NVD description (English source)

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the list filter field that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator. This issue affects all versions of Junos Space before 24.1R5 Patch V3.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS