Juniper Junos OS: 2026-01 Security Bulletin: Junos OS and Junos OS Evolved: Receipt of specific IS-IS update packet causes memory leak leading to RPD crash (JSA106008) (CVE-2026-21909)

A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated attacker controlling an adjacent IS-IS neighbor to send a specific update packet causing a memory leak. Continued receipt and processing of these packets will exhaust all available memory, crashing rpd and creating a Denial of Service (DoS) condition.Memory usage can be monitored through the use of the 'show task memory detail' command. For example:user@junos> show task memory detail | match ted-infra  TED-INFRA-COOKIE           25   1072     28   1184     229user@junos> show task memory detail | match ted-infra  TED-INFRA-COOKIE           31   1360     34   1472     307