HIGHCVE-2026-21907Published 2026-01-15Modified 2026-01-15CNA juniper

CVE-2026-21907: Junos Space: TLS/SSL server supports use of static key ciphers (ssl-static-key-ciphers)

A Use of a Broken or Risky Cryptographic Algorithm vulnerability in the TLS/SSL server of Juniper Networks Junos Space allows the use of static key ciphers (ssl-static-key-ciphers), reducing the confidentiality of on-path traffic communicated across the connection. These ciphers also do not support Perfect Forward Secrecy (PFS), affecting the long-term confidentiality of encrypted communications.This issue affects all versions of Junos Space before 24.1R5.

CVSS v4.0: 8.2
Severity: HIGH
Fixed in: 24.1R5
Affected Products: 1

Fix available

24.1R5

Affected packages

Juniper Networks / Junos Space
< 24.1R5 (from 0)

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/AU:Y/RE:M/U:Green

References

supportportal.juniper.net
kb.juniper.net

Metrics

Fix available