Description
A Use of a Broken or Risky Cryptographic Algorithm vulnerability in the TLS/SSL server of Juniper Networks Junos Space allows the use of static key ciphers (ssl-static-key-ciphers), reducing the confidentiality of on-path traffic communicated across the connection. These ciphers also do not support Perfect Forward Secrecy (PFS), affecting the long-term confidentiality of encrypted communications. This issue affects all versions of Junos Space before 24.1R5.
Published: 2026-01-15
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Data confidentiality at risk
Action: Patch promptly
AI Analysis

Impact

The vulnerability is a Use of a Broken or Risky Cryptographic Algorithm in the TLS/SSL server of Juniper Networks Junos Space, permitting the server to support static key ciphers. Static key ciphers lack Perfect Forward Secrecy and weaken the confidentiality of traffic transmitted over the connection, exposing on‑path traffic to potential compromise.

Affected Systems

All versions of Junos Space prior to 24.1R5 are affected, including releases 24.1R1 through 24.1R4 and any earlier releases. The impact spans the Juniper Networks Junos Space platform wherever those versions are deployed.

Risk and Exploitability

The CVSS v4.0 score of 8.2 indicates high severity, while an EPSS score of less than 1% indicates a low predicted probability of exploitation. The issue is not listed in the CISA KEV catalog. Because the flaw is in a TLS/SSL server, the likely attack vector is remote network connectivity to the TLS/SSL interface; this is an inference and is not explicitly stated in the CVE description. Because the server accepts static key ciphers, connections that negotiate them have reduced data confidentiality.

Generated by OpenCVE AI on April 18, 2026 at 16:08 UTC.

Remediation

Vendor Solution

The following software releases have been updated to resolve this specific issue: Junos Space 24.1R5 and all subsequent releases.


Vendor Workaround

There are no direct workarounds for this issue. Ensure any clients connecting to the device do not allow negotiation of static RSA key exchange.


OpenCVE Recommended Actions

  • Upgrade Junos Space to version 24.1R5 or later
  • Configure client applications to disallow static RSA key exchange during TLS handshakes
  • Monitor the cipher suite list to confirm static key ciphers are no longer advertised by the server
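
One way to carry out the last recommended action, as an added example (not OpenCVE's or Juniper's code): classify cipher suite names from a scan by key exchange, and probe a server you administer by offering only RSA-key-exchange suites. The function names, the sample scan list and the name-prefix heuristics are assumptions of this example.

```python
import re
import socket
import ssl

_IANA_KX = re.compile(r"^TLS_(.+?)_WITH_")  # key exchange token in IANA names
_IANA_STATIC = {"RSA": "static-rsa", "DH_RSA": "static-dh", "DH_DSS": "static-dh",
                "ECDH_RSA": "static-ecdh", "ECDH_ECDSA": "static-ecdh"}
# OpenSSL names with no key-exchange prefix start with the bulk cipher and use RSA.
_OPENSSL_BULK = ("AES", "CAMELLIA", "ARIA", "DES", "RC4", "SEED", "IDEA", "NULL")
# Constructed sample: suite names as a scanner might list them for one server.
SAMPLE_SCAN = ["TLS_AES_128_GCM_SHA256", "ECDHE-RSA-AES128-GCM-SHA256",
               "TLS_RSA_WITH_AES_128_CBC_SHA", "AES256-GCM-SHA384"]

def key_exchange(suite):
    """Classify an IANA- or OpenSSL-style suite name by its key exchange."""
    name = suite.strip().upper()
    m = _IANA_KX.match(name)
    if m:
        kx = m.group(1)
        if kx.startswith(("DHE_", "ECDHE_")):
            return "ephemeral"
        return _IANA_STATIC.get(kx, "other")
    if name.startswith(("TLS_AES_", "TLS_CHACHA20_")):
        return "ephemeral"  # TLS 1.3 suites: key exchange is always (EC)DHE
    first = name.split("-")[0]
    if first in ("DHE", "ECDHE", "EDH"):
        return "ephemeral"
    if first in ("DH", "ECDH"):
        return "static-dh" if first == "DH" else "static-ecdh"
    return "static-rsa" if first.startswith(_OPENSSL_BULK) else "other"

def static_key_suites(suites):
    """Return the suites from a scan result that lack forward secrecy."""
    return [s for s in suites if key_exchange(s).startswith("static-")]

def server_accepts_static_rsa(host, port=443, timeout=5.0):
    """Offer only RSA-key-exchange suites; return the negotiated suite or None."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # cipher probe only; server identity is not checked
    ctx.verify_mode = ssl.CERT_NONE
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # TLS 1.3 has no static RSA
    ctx.set_ciphers("kRSA")  # raises ssl.SSLError if the local OpenSSL has none
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.cipher()[0]  # handshake completed with static RSA
    except (ssl.SSLError, ConnectionResetError):
        return None  # server refused every static RSA suite
```

A `None` result from `server_accepts_static_rsa` after upgrading means the server refused every static RSA suite the local OpenSSL build could offer; suites classified as `other` (PSK, anonymous, export) are outside what this check evaluates.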

Advisories

No advisories yet.

History

Fri, 23 Jan 2026 20:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Juniper, Juniper junos Space |
| CPEs | | cpe:2.3:a:juniper:junos_space:*:*:*:*:*:*:*:*, cpe:2.3:a:juniper:junos_space:24.1:r1:*:*:*:*:*:*, cpe:2.3:a:juniper:junos_space:24.1:r2:*:*:*:*:*:*, cpe:2.3:a:juniper:junos_space:24.1:r3:*:*:*:*:*:*, cpe:2.3:a:juniper:junos_space:24.1:r4:*:*:*:*:*:* |
| Vendors & Products | | Juniper, Juniper junos Space |

Fri, 16 Jan 2026 14:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Juniper Networks, Juniper Networks junos Os |
| Vendors & Products | | Juniper Networks, Juniper Networks junos Os |

Thu, 15 Jan 2026 22:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Thu, 15 Jan 2026 20:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A Use of a Broken or Risky Cryptographic Algorithm vulnerability in the TLS/SSL server of Juniper Networks Junos Space allows the use of static key ciphers (ssl-static-key-ciphers), reducing the confidentiality of on-path traffic communicated across the connection. These ciphers also do not support Perfect Forward Secrecy (PFS), affecting the long-term confidentiality of encrypted communications. This issue affects all versions of Junos Space before 24.1R5. |
| Title | | Junos Space: TLS/SSL server supports use of static key ciphers (ssl-static-key-ciphers) |
| Weaknesses | | CWE-327 |
| References | | |
| Metrics | | cvssV3_1: {'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'} |
| | | cvssV4_0: {'score': 8.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/AU:Y/RE:M/U:Green'} |


Subscriptions

Juniper Junos Space
Juniper Networks Junos Os
MITRE

Status: PUBLISHED

Assigner: juniper

Published:

Updated: 2026-01-15T21:12:31.198Z

Reserved: 2026-01-05T17:32:48.710Z

Link: CVE-2026-21907

Vulnrichment

Updated: 2026-01-15T21:12:29.019Z

NVD

Status: Analyzed

Published: 2026-01-15T21:16:06.357

Modified: 2026-01-23T20:02:29.660

Link: CVE-2026-21907

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T16:15:04Z

Weaknesses