Juniper Critical Vulnerabilities April 2026: CVSS 10.0 Remote Code Execution, Root Privilege Escalation

CERT-Bund

Changeflow GovPing Data Privacy & Cybersecurity Juniper Critical Vulnerabilities April 2026: CV...

Urgent Guidance Added Final

Juniper Critical Vulnerabilities April 2026: CVSS 10.0 Remote Code Execution, Root Privilege Escalation

CERT-Bund Security Advisories

Published April 8th, 2026

Detected April 10th, 2026

Email

Summary

CERT-Bund issued security advisory WID-SEC-2026-1022 identifying critical vulnerabilities (CVSS 10.0) in Juniper Apstra, JUNOS OS, JUNOS OS Evolved, QFX Series, MX Series, SRX Series, and Junos Space. Remote attackers can exploit these flaws to gain root privileges, execute arbitrary code, bypass security controls, and exfiltrate sensitive data. Organizations must apply patches immediately to affected systems.

View original document View source feed page

What changed

CERT-Bund disclosed critical CVSS 10.0 vulnerabilities affecting multiple Juniper product families including Apstra, JUNOS OS, JUNOS OS Evolved, QFX Series, MX Series, SRX Series, and Junos Space. The flaws allow remote attackers to achieve privilege escalation to root, execute arbitrary code with elevated privileges, bypass security mechanisms, conduct cross-site scripting attacks, and manipulate data. A temporal CVSS score of 8.7 (high) reflects ongoing exploitability.

Organizations operating Juniper network infrastructure face immediate risk of remote network compromise. Security teams must prioritize patching Juniper Apstra (<6.1.1) and Junos Space (<24.1R5 Patch V3), then systematically address all affected JUNOS OS variants. Network segmentation and monitoring for suspicious activity should be implemented as compensating controls until patches are fully deployed.

What to do next

Apply patches immediately for Juniper Apstra to version 6.1.1 or later
Update Juniper Junos Space to version 24.1R5 Patch V3 or later
Review all Juniper network devices for indicators of compromise and apply vendor patches for JUNOS OS variants

Archived snapshot

Apr 10, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

[WID-SEC-2026-1022] Juniper Patchday April 2026: Mehrere Schwachstellen CVSS Base Score 10.0 (kritisch) CVSS Temporal Score 8.7 (hoch) Remoteangriff ja Datum 08.04.2026 Stand 09.04.2026 Mitigation ja

Betroffene Systeme

Betriebssystem

Sonstiges
UNIX

Produktbeschreibung

Juniper Apstra (ehemals bekannt als AOS) automatisiert alle Aspekte der Rechnzentrums-Netzwerkplanung, des Aufbaus, der Bereitstellung und des Betriebs.
JUNOS ist das "Juniper Network Operating System", das in Juniper Appliances verwendet wird.
Die Switches der QFX-Serie von Juniper sichern und automatisieren Netzwerke in Rechenzentren.
Die Juniper MX-Serie ist eine Produktfamilie von Routern.
SRX Series Services Gateways ist ein Next-Generation Anti-Threat Firewall von Juniper.
Junos Space ist eine Software-Plattform, die eine Reihe von Applikationen für das Netzwerkmanagement beinhaltet.

Produkte

08.04.2026
- Juniper Apstra <6.1.1

Juniper JUNOS OS
Juniper JUNOS OS Evolved
Juniper QFX Series
Juniper MX Series
Juniper SRX Series
Juniper Junos Space <24.1R5 Patch V3

Angriff

Ein Angreifer kann mehrere Schwachstellen in Juniper Apstra, Junos OS, Junos OS Evolved und Junos Space ausnutzen, um erweiterte Berechtigungen – sogar Root-Rechte – zu erlangen, beliebigen Code auszuführen – auch mit erweiterten Berechtigungen –, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuführen oder Daten zu manipulieren. CVE Informationen Versionshistorie Feedback zum Advisory geben

Related changes

Budibase Multiple Critical Vulnerabilities Allow Root Code Execution

Urgent Apr 12, 2026 • CERT-Bund Security Advisories • Data Privacy & Cybersecurity

IBM Tivoli Network Manager Critical Vulnerabilities CVSS 9.8

Urgent Apr 11, 2026 • CERT-Bund Security Advisories • Data Privacy & Cybersecurity

Mitel MiCollab Multiple Critical Vulnerabilities Including SQL Injection CVSS 9.8

Urgent Apr 10, 2026 • CERT-Bund Security Advisories • Data Privacy & Cybersecurity

Get daily alerts for CERT-Bund Security Advisories

Daily digest delivered to your inbox.

Free. Unsubscribe anytime.

Source

CERT-Bund Security Advisories wid.cert-bund.de/content/public/securityAdvisory/rss

Data Privacy & Cybersecurity

About this page

What is GovPing?

Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from CERT-Bund.

What's AI-generated?

The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.

Last updated

April 10, 2026

Press inquiries →

Classification

Agency

CERT-Bund

Published

April 8th, 2026

Instrument

Guidance

Legal weight

Non-binding

Stage

Final

Change scope

Substantive

Document ID

WID-SEC-2026-1022

Who this affects

Applies to

Technology companies Government agencies Telecommunications firms

Industry sector

5112 Software & Technology

Activity scope

Network security patching Vulnerability remediation Infrastructure security

Geographic scope

Germany DE

Taxonomy

Primary area

Cybersecurity

Operational domain

IT Security

Compliance frameworks

NIST CSF

Topics

Telecommunications Data Privacy

Juniper Critical Vulnerabilities April 2026: CVSS 10.0 Remote Code Execution, Root Privilege Escalation

Summary

What changed

What to do next

Archived snapshot

Betroffene Systeme

Betriebssystem

Produktbeschreibung

Produkte

Angriff

Angriff

Related changes

Source

About this page

Classification

Who this affects

Taxonomy

Browse Categories

Get alerts for this source

Subscribed!