VDB
GCVE-110-NCSC-2026-17
GCVE-110-NCSC-2026-17
Advisory PublishedCVSS 6.1/10
A clickjacking vulnerability in Juniper Networks Paragon Automation web portal, affecting all versions prior to 24.1.1, allows attackers to manipulate user interactions due to improper HTTP header settings.
Weaknesses (CWE)
CWE-1021Improper Restriction of Rendered UI Layers or FramesCWE-327Use of a Broken or Risky Cryptographic AlgorithmCWE-476NULL Pointer DereferenceCWE-755Improper Handling of Exceptional ConditionsCWE-121Stack-based Buffer OverflowCWE-667Improper LockingCWE-1286Improper Validation of Syntactic Correctness of InputCWE-252Unchecked Return ValueCWE-822Untrusted Pointer DereferenceCWE-754Improper Check for Unusual or Exceptional ConditionsCWE-732Incorrect Permission Assignment for Critical ResourceCWE-126Buffer Over-readCWE-416Use After FreeCWE-401Missing Release of Memory after Effective LifetimeCWE-665Improper InitializationCWE-682Incorrect CalculationCWE-1419Incorrect Initialization of ResourceCWE-367Time-of-check Time-of-use (TOCTOU) Race ConditionCWE-835Loop with Unreachable Exit Condition ('Infinite Loop')CWE-415Double Free
Risk Scores
CVSS 3.1
6.1/10
Medium · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Juniper Networks | vers:unknown/* | — | — |
Aliases
CVE-2024-50302CVE-2025-52987CVE-2025-59959CVE-2025-59960CVE-2025-59961CVE-2025-60003CVE-2025-60007CVE-2025-60011CVE-2026-0203CVE-2026-21903CVE-2026-21905CVE-2026-21906CVE-2026-21907CVE-2026-21908CVE-2026-21909CVE-2026-21910CVE-2026-21911CVE-2026-21912CVE-2026-21913CVE-2026-21914CVE-2026-21917CVE-2026-21918CVE-2026-21920CVE-2026-21921
References
Browse GCVE Records
72,921 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.