CVE-2025-52987

Medium CVSS: 5.1

A clickjacking vulnerability exists in the web portal of Juniper Networks Paragon Automation (Pathfinder, Planner, Insights) due to the application's failure to set appropriate X-Frame-Options and X-Content-Type HTTP headers. This vulnerability allows an attacker to trick users into interacting with the interface under the attacker's control.

This issue affects all versions of Paragon Automation (Pathfinder, Planner, Insights) before 24.1.1.

Vendor

Juniper

Product

Paragon Automation

CWE

CWE-1021

Yayın Tarihi

2026-01-15 21:16:02

Güncelleme

2026-01-26 18:01:01

Source Identifier

sirt@juniper.net

KEV Date Added

Kategoriler

CWE-1021 Paragon Automation MEDIUM Juniper 2026

Referanslar

https://kb.juniper.net/JSA103145 https://supportportal.juniper.net/

Benzer Kayıtlar

Critical

CVE-2026-21902

An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juni…

High

CVE-2026-21918

A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series allo…

High

CVE-2026-21920

An Unchecked Return Value vulnerability in the DNS module of Juniper Networks Junos OS on SRX Series allows an unauthent…

High

CVE-2026-21921

A Use After Free vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS and Junos OS Evolved allows…

High

CVE-2026-21911

An Incorrect Calculation vulnerability in the Layer 2 Control Protocol Daemon (l2cpd) of Juniper Networks Junos OS E…

Medium

CVE-2026-21912

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the method to collect FPC Ethernet firmware statist…