Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    2368 vulnerabilities by juniper

    CVE-2026-57028 (GCVE-0-2026-57028)

    Vulnerability from nvd – Published: 2026-07-09 21:08 – Updated: 2026-07-10 14:37
    VLAI
    Title
    Junos OS Evolved: A port which has been inadvertently exposed can be reached by an attacker
    Summary
    An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause license exhaustion. Due to an incorrect initialization, a process which should only be able to communicate internally within the device, can be reached over the network via an open port. This leads to unauthorized access to the license management. This issue affects all Junos OS Evolved versions before 23.2R2-EVO.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Evolved Affected: 0 , < 23.2R2-EVO (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57028",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T14:37:11.630273Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T14:37:21.433Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS Evolved",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "23.2R2-EVO",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause license exhaustion\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003eDue to an incorrect initialization, a process which should only be able to communicate internally within the device, can be reached over the network via an open port. This leads to unauthorized access to the license management.\u003c/p\u003e\u003cp\u003eThis issue affects all Junos OS Evolved versions before 23.2R2-EVO.\u003cbr\u003e\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause license exhaustion.\n\n\nDue to an incorrect initialization, a process which should only be able to communicate internally within the device, can be reached over the network via an open port. This leads to unauthorized access to the license management.\n\nThis issue affects all Junos OS Evolved versions before 23.2R2-EVO."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/AU:Y/R:U/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-923",
                  "description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T21:08:25.702Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA110088"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS Evolved: 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS Evolved: 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA110088",
            "defect": [
              "1729581"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Junos OS Evolved: A port which has been inadvertently exposed can be reached by an attacker",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue.\u003cbr\u003e\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease ensure that your control plane protection only explicitly permits access to ports intended to be reachable and only from authorized endpoints. All other traffic destined to the control plane should be disallowed.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "There are no known workarounds for this issue.\n\n\n\nPlease ensure that your control plane protection only explicitly permits access to ports intended to be reachable and only from authorized endpoints. All other traffic destined to the control plane should be disallowed."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-57028",
        "datePublished": "2026-07-09T21:08:25.702Z",
        "dateReserved": "2026-06-23T16:27:00.248Z",
        "dateUpdated": "2026-07-10T14:37:21.433Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33803 (GCVE-0-2026-33803)

    Vulnerability from nvd – Published: 2026-07-09 21:04 – Updated: 2026-07-10 13:30
    VLAI
    Title
    Junos OS Evolved: A port which has been inadvertently exposed can be reached by an attacker
    Summary
    An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device. Due to a wrong initialization, a process which should only be able to communicate internally within the device can be reached over the network via an open port. This leads to a device being inadvertently exposed and increased CPU cycles spent processing ingress packets. This issue affects Junos OS Evolved: * all versions before 23.2R2-S7-EVO, * 23.4 versions before 23.4R2-S8-EVO, * 24.2 versions before 24.2R2-S5-EVO, * 24.4 versions before 24.4R2-S4-EVO, * 25.2 versions before 25.2R2-S1-EVO, * 25.4 versions before 25.4R1-S2-EVO.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Evolved Affected: 0 , < 23.2R2-S7-EVO (custom)
    Affected: 23.4 , < 23.4R2-S8-EVO (custom)
    Affected: 24.2 , < 24.2R2-S5-EVO (custom)
    Affected: 24.4 , < 24.4R2-S4-EVO (custom)
    Affected: 25.2 , < 25.2R2-S1-EVO (custom)
    Affected: 25.4 , < 25.4R1-S2-EVO (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33803",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T13:30:15.593698Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T13:30:26.315Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS Evolved",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "23.2R2-S7-EVO",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.4R2-S8-EVO",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.2R2-S5-EVO",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.4R2-S4-EVO",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "25.2R2-S1-EVO",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "25.4R1-S2-EVO",
                  "status": "affected",
                  "version": "25.4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003eDue to a wrong initialization, a process which should only be able to communicate internally within the device can be reached over the network via an open port. This leads to a device being inadvertently exposed and increased CPU cycles spent processing ingress packets.\u003c/p\u003e\u003cp\u003eThis issue affects Junos OS Evolved:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 23.2R2-S7-EVO,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S8-EVO,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S5-EVO,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2-S4-EVO,\u003c/li\u003e\u003cli\u003e25.2 versions before 25.2R2-S1-EVO,\u003c/li\u003e\u003cli\u003e25.4 versions before 25.4R1-S2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device.\n\n\nDue to a wrong initialization, a process which should only be able to communicate internally within the device can be reached over the network via an open port. This leads to a device being inadvertently exposed and increased CPU cycles spent processing ingress packets.\n\nThis issue affects Junos OS Evolved:\n\n\n  *  all versions before 23.2R2-S7-EVO,\n  *  23.4 versions before 23.4R2-S8-EVO,\n  *  24.2 versions before 24.2R2-S5-EVO,\n  *  24.4 versions before 24.4R2-S4-EVO,\n  *  25.2 versions before 25.2R2-S1-EVO,\n  *  25.4 versions before 25.4R1-S2-EVO."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/AU:Y/R:U/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-923",
                  "description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T21:04:14.997Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA110078"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved: 23.2R2-S7-EVO, 23.4R2-S8-EVO, 24.2R2-S5-EVO, 24.4R2-S4-EVO, 25.2R2-S1-EVO, 25.4R1-S2-EVO, 25.4R2-EVO, 26.2R1-EVO, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved: 23.2R2-S7-EVO, 23.4R2-S8-EVO, 24.2R2-S5-EVO, 24.4R2-S4-EVO, 25.2R2-S1-EVO, 25.4R1-S2-EVO, 25.4R2-EVO, 26.2R1-EVO, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA110078",
            "defect": [
              "1909908"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Junos OS Evolved: A port which has been inadvertently exposed can be reached by an attacker",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue.\u003cbr\u003e\u003cbr\u003ePlease ensure that your control plane protection only explicitly permits access to ports intended to be reachable and only from authorized endpoints. All other traffic destined to the control plane should be disallowed."
                }
              ],
              "value": "There are no known workarounds for this issue.\n\nPlease ensure that your control plane protection only explicitly permits access to ports intended to be reachable and only from authorized endpoints. All other traffic destined to the control plane should be disallowed."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-33803",
        "datePublished": "2026-07-09T21:04:14.997Z",
        "dateReserved": "2026-03-23T19:46:13.674Z",
        "dateUpdated": "2026-07-10T13:30:26.315Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33801 (GCVE-0-2026-33801)

    Vulnerability from nvd – Published: 2026-07-09 21:03 – Updated: 2026-07-10 13:31
    VLAI
    Title
    Junos OS and Junos OS Evolved: When a specifically malformed BGP route update is received RPD crashes
    Summary
    An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker sending a specific BGP update over an established BGP session to cause a Denial-of-Service (DoS). Upon receipt of a specifically malformed non-inet/inet6 unicast BGP update, an RPD crash and restart is triggered, which will cause a complete service outage until routing has reconverged. The rpd crash occurs before the update can be readvertised, so there is no downstream propagation. This issue affects: * Junos OS versions 25.2 before 25.2R2; * Junos OS Evolved versions 25.2 before 25.2R2-EVO. This issue doesn't affect Junos OS versions before 25.2R1 nor Junos OS Evolved versions before 25.2R1-EVO.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 25.2 , < 25.2R2 (custom)
    Create a notification for this product.
    Juniper Networks Junos OS Evolved Affected: 25.2 , < 25.2R2-EVO (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33801",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T13:30:53.472301Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T13:31:03.248Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "25.2R2",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS Evolved",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "25.2R2-EVO",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker sending a specific BGP update over an established BGP session to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003e\u003cp\u003eUpon receipt of a specifically malformed non-inet/inet6 unicast BGP update, an RPD crash and restart is triggered, which will cause a complete service outage until routing has reconverged. The rpd crash occurs before the update can be readvertised, so there is no downstream propagation.\u003c/p\u003e\u003cp\u003e\u003cbr\u003eThis issue affects:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eJunos OS versions 25.2 before 25.2R2;\u003c/li\u003e\u003c/ul\u003e\u003cul\u003e\u003cli\u003eJunos OS Evolved versions 25.2 before 25.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue doesn\u0027t affect Junos OS versions before 25.2R1 nor Junos OS Evolved versions before 25.2R1-EVO.\u003c/p\u003e"
                }
              ],
              "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker sending a specific BGP update over an established BGP session to cause a Denial-of-Service (DoS).\n\nUpon receipt of a specifically malformed non-inet/inet6 unicast BGP update, an RPD crash and restart is triggered, which will cause a complete service outage until routing has reconverged. The rpd crash occurs before the update can be readvertised, so there is no downstream propagation.\n\n\nThis issue affects:\n\n\n\n  *  Junos OS versions 25.2 before 25.2R2;\n\n\n  *  Junos OS Evolved versions 25.2 before 25.2R2-EVO.\n\n\n\n\nThis issue doesn\u0027t affect Junos OS versions before 25.2R1 nor Junos OS Evolved versions before 25.2R1-EVO."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T21:03:24.796Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA110076"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS: 25.2R2, 25.4R1, and all subsequent releases.\u003cbr\u003eJunos OS Evolved: 25.2R2-EVO, 25.4R1-EVO, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 25.2R2, 25.4R1, and all subsequent releases.\nJunos OS Evolved: 25.2R2-EVO, 25.4R1-EVO, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA110076",
            "defect": [
              "1907528"
            ],
            "discovery": "USER"
          },
          "title": "Junos OS and Junos OS Evolved: When a specifically malformed BGP route update is received RPD crashes",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue."
                }
              ],
              "value": "There are no known workarounds for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-33801",
        "datePublished": "2026-07-09T21:03:24.796Z",
        "dateReserved": "2026-03-23T19:46:13.673Z",
        "dateUpdated": "2026-07-10T13:31:03.248Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33799 (GCVE-0-2026-33799)

    Vulnerability from nvd – Published: 2026-07-09 21:02 – Updated: 2026-07-10 13:31
    VLAI
    Title
    Junos OS and Junos OS Evolved: Receipt of a specific SNMPv3 request results in memory leak and eventual snmpd crash
    Summary
    An Out-of-bounds Write vulnerability in the SNMP daemon (snmpd) of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated network-based attacker sending specific valid SNMPv3 queries to trigger a memory leak. Over time, continuous receipt of these queries will result in snmpd process memory exhaustion, resulting in a process crash and restart, impacting the ability to monitor the system via SNMP. Memory usage can be monitored using the following command: user@device> show system processes extensive | match snmpd This issue affects: Junos OS: * all versions before 21.2R3-S8; * from 21.4 before 21.4R3-S7; * from 22.1 before 22.1R3-S6; * from 22.2 before 22.2R3-S4; * from 22.3 before 22.3R3-S3; * from 22.4 before 22.4R3-S2; * from 23.2 before 23.2R2; * from 23.4 before 23.4R2. Junos OS Evolved: * all versions before 21.2R3-S8-EVO; * from 21.4 before 21.4R3-S7-EVO; * all versions of 22.1-EVO, * from 22.2 before 22.2R3-S4-EVO; * from 22.3 before 22.3R3-S3-EVO; * all versions of 22.4-EVO, * from 23.2 before 23.2R2-EVO; * from 23.4 before 23.4R2-EVO.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 0 , < 21.2R3-S8 (custom)
    Affected: 21.4 , < 21.4R3-S7 (custom)
    Affected: 22.1 , < 22.1R3-S6 (custom)
    Affected: 22.2 , < 22.2R3-S4 (custom)
    Affected: 22.3 , < 22.3R3-S3 (custom)
    Affected: 22.4 , < 22.4R3-S2 (custom)
    Affected: 23.2 , < 23.2R2 (custom)
    Affected: 23.4 , < 23.4R2 (custom)
    Create a notification for this product.
    Juniper Networks Junos OS Evolved Affected: 0 , < 21.2R3-S8-EVO (custom)
    Affected: 21.4 , < 21.4R3-S7-EVO (custom)
    Affected: 22.1 , < 22.1* (custom)
    Affected: 22.2 , < 22.2R3-S4-EVO (custom)
    Affected: 22.3 , < 22.3R3-S3-EVO (custom)
    Affected: 22.4 , < 22.4* (custom)
    Affected: 23.2 , < 23.2R2-EVO (custom)
    Affected: 23.4 , < 23.4R2-EVO (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33799",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T13:31:41.445568Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T13:31:54.447Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "21.2R3-S8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "21.4R3-S7",
                  "status": "affected",
                  "version": "21.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.1R3-S6",
                  "status": "affected",
                  "version": "22.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.2R3-S4",
                  "status": "affected",
                  "version": "22.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.3R3-S3",
                  "status": "affected",
                  "version": "22.3",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.4R3-S2",
                  "status": "affected",
                  "version": "22.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.2R2",
                  "status": "affected",
                  "version": "23.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.4R2",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS Evolved",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "21.2R3-S8-EVO",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "21.4R3-S7-EVO",
                  "status": "affected",
                  "version": "21.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.1*",
                  "status": "affected",
                  "version": "22.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.2R3-S4-EVO",
                  "status": "affected",
                  "version": "22.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.3R3-S3-EVO",
                  "status": "affected",
                  "version": "22.3",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.4*",
                  "status": "affected",
                  "version": "22.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.2R2-EVO",
                  "status": "affected",
                  "version": "23.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.4R2-EVO",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue requires that SNMPv3 be configured. For example:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[snmp engine-id use-default-ip-address]\u003cbr\u003e[snmp v3 usm local-engine user \u0026lt;username\u0026gt; authentication-\u0026lt;method\u0026gt; ...]\u003cbr\u003e[snmp v3 vacm security-to-group security-model usm security-name \u0026lt;name\u0026gt; group \u0026lt;group\u0026gt;]\u003cbr\u003e[snmp v3 vacm access group \u0026lt;group\u0026gt; default-context-prefix security-model usm security-level \u0026lt;level\u0026gt; ...]\u003c/tt\u003e"
                }
              ],
              "value": "This issue requires that SNMPv3 be configured. For example:\n\n[snmp engine-id use-default-ip-address]\n[snmp v3 usm local-engine user \u003cusername\u003e authentication-\u003cmethod\u003e ...]\n[snmp v3 vacm security-to-group security-model usm security-name \u003cname\u003e group \u003cgroup\u003e]\n[snmp v3 vacm access group \u003cgroup\u003e default-context-prefix security-model usm security-level \u003clevel\u003e ...]"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Out-of-bounds Write vulnerability in the SNMP daemon (snmpd) of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated network-based attacker sending specific valid SNMPv3 queries to trigger a memory leak. Over time, continuous receipt of these queries will result in snmpd process memory exhaustion, resulting in a process crash and restart, impacting the ability to monitor the system via SNMP.\u003cbr\u003e\u003cbr\u003eMemory usage can be monitored using the following command:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003euser@device\u0026gt; show system processes extensive | match snmpd\u003c/tt\u003e\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003e\u003cbr\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 21.2R3-S8;\u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S7;\u003c/li\u003e\u003cli\u003efrom 22.1 before 22.1R3-S6;\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S4;\u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S3;\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S2;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eJunos OS Evolved:\u003cbr\u003e\u003cul\u003e\u003cli\u003eall versions before 21.2R3-S8-EVO;\u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S7-EVO;\u003c/li\u003e\u003cli\u003eall versions of 22.1-EVO,\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S4-EVO;\u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S3-EVO;\u003c/li\u003e\u003cli\u003eall versions of 22.4-EVO,\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-EVO;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "An Out-of-bounds Write vulnerability in the SNMP daemon (snmpd) of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated network-based attacker sending specific valid SNMPv3 queries to trigger a memory leak. Over time, continuous receipt of these queries will result in snmpd process memory exhaustion, resulting in a process crash and restart, impacting the ability to monitor the system via SNMP.\n\nMemory usage can be monitored using the following command:\n\nuser@device\u003e show system processes extensive | match snmpd\n\n\n\n\nThis issue affects:\n\nJunos OS:\n\n\n  *  all versions before 21.2R3-S8;\n  *  from 21.4 before 21.4R3-S7;\n  *  from 22.1 before 22.1R3-S6;\n  *  from 22.2 before 22.2R3-S4;\n  *  from 22.3 before 22.3R3-S3;\n  *  from 22.4 before 22.4R3-S2;\n  *  from 23.2 before 23.2R2;\n  *  from 23.4 before 23.4R2.\n\n\n\nJunos OS Evolved:\n  *  all versions before 21.2R3-S8-EVO;\n  *  from 21.4 before 21.4R3-S7-EVO;\n  *  all versions of 22.1-EVO,\n  *  from 22.2 before 22.2R3-S4-EVO;\n  *  from 22.3 before 22.3R3-S3-EVO;\n  *  all versions of 22.4-EVO,\n  *  from 23.2 before 23.2R2-EVO;\n  *  from 23.4 before 23.4R2-EVO."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "GREEN",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/AU:Y/R:A/V:C/RE:M/U:Green",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T21:02:31.614Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA110074"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 21.2R3-S8, 21.4R3-S7, 22.1R3-S6, 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2, 23.4R2, 24.2R1, and all subsequent releases.\n\u003cbr\u003e\nJunos OS Evolved: 21.2R3-S8-EVO, 21.4R3-S7-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO, 23.2R2-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 21.2R3-S8, 21.4R3-S7, 22.1R3-S6, 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2, 23.4R2, 24.2R1, and all subsequent releases.\n\n\nJunos OS Evolved: 21.2R3-S8-EVO, 21.4R3-S7-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO, 23.2R2-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA110074",
            "defect": [
              "1769065"
            ],
            "discovery": "USER"
          },
          "title": "Junos OS and Junos OS Evolved: Receipt of a specific SNMPv3 request results in memory leak and eventual snmpd crash",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue.\u003cbr\u003e\u003cbr\u003eTo reduce the risk of malicious exploitation, use access lists or firewall filters to limit access to the device via SNMPv3 only from trusted hosts."
                }
              ],
              "value": "There are no known workarounds for this issue.\n\nTo reduce the risk of malicious exploitation, use access lists or firewall filters to limit access to the device via SNMPv3 only from trusted hosts."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-33799",
        "datePublished": "2026-07-09T21:02:31.614Z",
        "dateReserved": "2026-03-23T19:46:13.673Z",
        "dateUpdated": "2026-07-10T13:31:54.447Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33797 (GCVE-0-2026-33797)

    Vulnerability from nvd – Published: 2026-04-09 21:31 – Updated: 2026-04-23 20:08
    VLAI
    Title
    Junos OS and Junos OS Evolved: An attacker sending a specific genuine BGP packet causes a BGP reset
    Summary
    An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP packet in an already established BGP session to reset only that session causing a Denial of Service (DoS). An attacker repeatedly sending the packet will sustain the Denial of Service (DoS).This issue affects Junos OS: * 25.2 versions before 25.2R2 This issue does not affect Junos OS versions before 25.2R1. This issue affects Junos OS Evolved: * 25.2-EVO versions before 25.2R2-EVO This issue does not affect Junos OS Evolved versions before 25.2R1-EVO. eBGP and iBGP are affected. IPv4 and IPv6 are affected.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 25.2 , < 25.2R2 (semver)
    Unaffected: 0 , < 25.2R1 (semver)
    Create a notification for this product.
    Juniper Networks Junos OS Evolved Affected: 25.2 , < 25.2R2-EVO (semver)
    Unaffected: 0 , < 25.2R1-EVO (semver)
    Create a notification for this product.
    Date Public
    2026-04-08 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33797",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-13T17:40:25.675431Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-13T18:06:19.434Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "25.2R2",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "25.2R1",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "bgp"
              ],
              "product": "Junos OS Evolved",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "25.2R2-EVO",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "25.2R1-EVO",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctt\u003e\u0026nbsp; [ protocols bgp group \u0026lt;group\u0026gt; neighbor ]\u003c/tt\u003e\u003cbr\u003e"
                }
              ],
              "value": "[ protocols bgp group \u003cgroup\u003e neighbor ]"
            }
          ],
          "datePublic": "2026-04-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP packet in an already established BGP session to reset only that session causing a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eAn attacker repeatedly sending the packet will sustain the Denial of Service (DoS).\u003cp\u003eThis issue affects Junos OS:\u003c/p\u003e\u003cul\u003e\u003cli\u003e25.2 versions before 25.2R2\u003c/li\u003e\u003c/ul\u003eThis issue does not affect Junos OS versions before 25.2R1.\u003cbr\u003e\u003cbr\u003eThis issue affects Junos OS Evolved: \u003cbr\u003e\u003cul\u003e\u003cli\u003e25.2-EVO versions before 25.2R2-EVO\u003c/li\u003e\u003c/ul\u003eThis issue does not affect Junos OS Evolved versions before 25.2R1-EVO.\u003cbr\u003e\u003cbr\u003eeBGP and iBGP are affected.\u003cbr\u003eIPv4 and IPv6 are affected.\u0026nbsp;\u003cbr\u003e"
                }
              ],
              "value": "An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP packet in an already established BGP session to reset only that session causing a Denial of Service (DoS).\n\nAn attacker repeatedly sending the packet will sustain the Denial of Service (DoS).This issue affects Junos OS:\n\n  *  25.2 versions before 25.2R2\n\n\nThis issue does not affect Junos OS versions before 25.2R1.\n\nThis issue affects Junos OS Evolved: \n  *  25.2-EVO versions before 25.2R2-EVO\n\n\nThis issue does not affect Junos OS Evolved versions before 25.2R1-EVO.\n\neBGP and iBGP are affected.\nIPv4 and IPv6 are affected."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "GREEN",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/V:C/RE:M/U:Green",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-23T20:08:35.655Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://kb.juniper.net/JSA107850"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA107850"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS:\u0026nbsp;25.2R2,\u0026nbsp;25.4R1, and all subsequent releases.\u003cbr\u003eJunos OS Evolved: 25.2R2-EVO, 25.4R1-EVO, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue:\nJunos OS:\u00a025.2R2,\u00a025.4R1, and all subsequent releases.\nJunos OS Evolved: 25.2R2-EVO, 25.4R1-EVO, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA107850",
            "defect": [
              "1893316"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Junos OS and Junos OS Evolved: An attacker sending a specific genuine BGP packet causes a BGP reset",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue.\u003cbr\u003e"
                }
              ],
              "value": "There are no known workarounds for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-33797",
        "datePublished": "2026-04-09T21:31:22.902Z",
        "dateReserved": "2026-03-23T19:46:13.673Z",
        "dateUpdated": "2026-04-23T20:08:35.655Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33793 (GCVE-0-2026-33793)

    Vulnerability from nvd – Published: 2026-04-09 21:24 – Updated: 2026-04-16 15:14
    VLAI
    Title
    Junos OS and Junos OS Evolved: When an unsigned Python op script configuration is present, a local low privileged user can compromise the system
    Summary
    An Execution with Unnecessary Privileges vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, thus compromising the system. When a configuration that allows unsigned Python op scripts is present on the device, a non-root user is able to execute malicious op scripts as a root-equivalent user, leading to privilege escalation.  This issue affects Junos OS:  * All versions before 22.4R3-S7,  * from 23.2 before 23.2R2-S4,  * from 23.4 before 23.4R2-S6, * from 24.2 before 24.2R1-S2, 24.2R2,  * from 24.4 before 24.4R1-S2, 24.4R2;  Junos OS Evolved:  * All versions before 22.4R3-S7-EVO,  * from 23.2 before 23.2R2-S4-EVO,  * from 23.4 before 23.4R2-S6-EVO, * from 24.2 before 24.2R2-EVO,  * from 24.4 before 24.4R1-S1-EVO, 24.4R2-EVO.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-250 - Execution with Unnecessary Privileges
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 0 , < 22.4R3-S7 (semver)
    Affected: 23.2 , < 23.2R2-S4 (semver)
    Affected: 23.4 , < 23.4R2-S6 (semver)
    Affected: 24.2 , < 24.2R1-S2, 24.2R2 (semver)
    Affected: 24.4 , < 24.4R1-S2, 24.4R2 (semver)
    Create a notification for this product.
    Juniper Networks Junos OS Evolved Affected: 0 , < 22.4R3-S7-EVO (semver)
    Affected: 23.2 , < 23.2R2-S4-EVO (semver)
    Affected: 23.4 , < 23.4R2-S6-EVO (semver)
    Affected: 24.2 , < 24.2R2-EVO (semver)
    Affected: 24.4 , < 24.4R1-S1-EVO, 24.4R2-EVO (semver)
    Create a notification for this product.
    Date Public
    2026-04-08 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33793",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-13T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-14T03:55:39.735Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "22.4R3-S7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.2R2-S4",
                  "status": "affected",
                  "version": "23.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.4R2-S6",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.2R1-S2, 24.2R2",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.4R1-S2, 24.4R2",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS Evolved",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "22.4R3-S7-EVO",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.2R2-S4-EVO",
                  "status": "affected",
                  "version": "23.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.4R2-S6-EVO",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.2R2-EVO",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.4R1-S1-EVO, 24.4R2-EVO",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue can affect all systems with Python 3 op scripts enabled:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ system scripts language python3 ]\u003c/tt\u003e\u003cbr\u003e\u003cbr\u003eHowever, the risk of malicious exploitation is significantly higher when the ability to execute Python 3 op scripts from a remote location is enabled:\u003cbr\u003e\u003cbr\u003e\n\n\u003ctt\u003e[ system scripts op allow-url-for-python ]\u003c/tt\u003e\n\n\u003cbr\u003e\u003cbr\u003eStarting in Junos OS Evolved Release 21.2R1, the \u003ctt\u003ejunos-defaults\u003c/tt\u003e configuration group includes \u0027\u003ctt\u003esystem scripts language python3\u003c/tt\u003e\u0027 enabled by default.\u003cbr\u003e\u003cbr\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "This issue can affect all systems with Python 3 op scripts enabled:\n\n[ system scripts language python3 ]\n\nHowever, the risk of malicious exploitation is significantly higher when the ability to execute Python 3 op scripts from a remote location is enabled:\n\n\n\n[ system scripts op allow-url-for-python ]\n\n\n\nStarting in Junos OS Evolved Release 21.2R1, the junos-defaults configuration group includes \u0027system scripts language python3\u0027 enabled by default."
            }
          ],
          "datePublic": "2026-04-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Execution with Unnecessary Privileges vulnerability\u0026nbsp;in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, thus compromising the system.\u003cbr\u003e\u003cbr\u003eWhen a\u0026nbsp;configuration that allows unsigned Python op scripts is present on the device, a non-root user is able to execute malicious op scripts as a root-equivalent user, leading to privilege escalation.\u0026nbsp;\u003cbr\u003e\u003cbr\u003eThis issue affects Junos OS:\u0026nbsp;\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 22.4R3-S7,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S4,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before\u0026nbsp;23.4R2-S6,\u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R1-S2, 24.2R2,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.4 before 24.4R1-S2, 24.4R2;\u0026nbsp;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 22.4R3-S7-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S4-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before\u0026nbsp;23.4R2-S6-EVO,\u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R2-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.4 before 24.4R1-S1-EVO, 24.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "An Execution with Unnecessary Privileges vulnerability\u00a0in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, thus compromising the system.\n\nWhen a\u00a0configuration that allows unsigned Python op scripts is present on the device, a non-root user is able to execute malicious op scripts as a root-equivalent user, leading to privilege escalation.\u00a0\n\nThis issue affects Junos OS:\u00a0\n\n  *  All versions before 22.4R3-S7,\u00a0\n  *  from 23.2 before 23.2R2-S4,\u00a0\n  *  from 23.4 before\u00a023.4R2-S6,\n  *  from 24.2 before 24.2R1-S2, 24.2R2,\u00a0\n  *  from 24.4 before 24.4R1-S2, 24.4R2;\u00a0\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n  *  All versions before 22.4R3-S7-EVO,\u00a0\n  *  from 23.2 before 23.2R2-S4-EVO,\u00a0\n  *  from 23.4 before\u00a023.4R2-S6-EVO,\n  *  from 24.2 before 24.2R2-EVO,\u00a0\n  *  from 24.4 before 24.4R1-S1-EVO, 24.4R2-EVO."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/V:C/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-250",
                  "description": "CWE-250: Execution with Unnecessary Privileges",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-16T15:14:18.212Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA103142"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue: \u003cbr\u003e\u003cbr\u003eJunos OS Evolved: 22.4R3-S7-EVO, 23.2R2-S4-EVO, 23.4R2-S6-EVO, 24.2R2-EVO, 24.4R1-S1-EVO, 24.4R2-EVO, 25.2R1-EVO and all subsequent releases.\u003cbr\u003e\u003cbr\u003eJunos OS: 22.4R3-S7, 23.2R2-S4, 23.4R2-S6, 24.2R1-S2, 24.2R2, 24.4R1-S2, 24.4R2, 25.2R1 and all subsequent releases.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS Evolved: 22.4R3-S7-EVO, 23.2R2-S4-EVO, 23.4R2-S6-EVO, 24.2R2-EVO, 24.4R1-S1-EVO, 24.4R2-EVO, 25.2R1-EVO and all subsequent releases.\n\nJunos OS: 22.4R3-S7, 23.2R2-S4, 23.4R2-S6, 24.2R1-S2, 24.2R2, 24.4R1-S2, 24.4R2, 25.2R1 and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA103142",
            "defect": [
              "1842247"
            ],
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-08T16:00:00.000Z",
              "value": "Initial Publication"
            },
            {
              "lang": "en",
              "time": "2026-04-16T16:00:00.000Z",
              "value": "While \u0027language python3\u0027 allows an attacker to execute local Python scripts, the scenario with the highest risk of malicious exploitation occurs when an attacker can execute remote Python scripts"
            }
          ],
          "title": "Junos OS and Junos OS Evolved: When an unsigned Python op script configuration is present, a local low privileged user can compromise the system",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\u003cbr\u003e"
                }
              ],
              "value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-33793",
        "datePublished": "2026-04-09T21:24:50.485Z",
        "dateReserved": "2026-03-23T19:46:13.672Z",
        "dateUpdated": "2026-04-16T15:14:18.212Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33791 (GCVE-0-2026-33791)

    Vulnerability from nvd – Published: 2026-04-09 21:38 – Updated: 2026-04-22 14:48
    VLAI
    Title
    Junos OS and Junos OS Evolved: Execution of crafted CLI commands allows for arbitrary shell injection as root
    Summary
    An OS Command Injection vulnerability in the CLI processing of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker executing specific, crafted CLI commands to inject arbitrary shell commands as root, leading to a complete compromise of the system. Certain 'set system' commands, when executed with crafted arguments, are not properly sanitized, allowing for arbitrary shell injection. These shell commands are executed as root, potentially allowing for complete control of the vulnerable system. This issue affects: Junos OS:  * all versions before 22.4R3-S8,  * from 23.2 before 23.2R2-S5,  * from 23.4 before 23.4R2-S7,  * from 24.2 before 24.2R2-S2,  * from 24.4 before 24.4R2,  * from 25.2 before 25.2R2;  Junos OS Evolved:  * all versions before 22.4R3-S8-EVO,  * from 23.2 before 23.2R2-S5-EVO,  * from 23.4 before 23.4R2-S7-EVO,  * from 24.2 before 24.2R2-S2-EVO,  * from 24.4 before 24.4R2-EVO,  * from 25.2 before 25.2R1-S1-EVO, 25.2R2-EVO.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 0 , < 22.4R3-S8 (semver)
    Affected: 23.2 , < 23.2R2-S5 (semver)
    Affected: 23.4 , < 23.4R2-S7 (semver)
    Affected: 24.2 , < 24.2R2-S2 (semver)
    Affected: 24.4 , < 24.4R2 (semver)
    Affected: 25.2 , < 25.2R2 (semver)
    Create a notification for this product.
    Juniper Networks Junos OS Evolved Affected: 0 , < 22.4R3-S8-EVO (semver)
    Affected: 23.2 , < 23.2R2-S5-EVO (semver)
    Affected: 23.4 , < 23.4R2-S7-EVO (semver)
    Affected: 24.2 , < 24.2R2-S2-EVO (semver)
    Affected: 24.4 , < 24.4R2-EVO (semver)
    Affected: 25.2 , < 25.2R1-S1-EVO, 25.2R2-EVO (semver)
    Create a notification for this product.
    Date Public
    2026-04-08 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33791",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-13T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-14T03:55:33.772Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "22.4R3-S8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.2R2-S5",
                  "status": "affected",
                  "version": "23.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.4R2-S7",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.2R2-S2",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.4R2",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "semver"
                },
                {
                  "lessThan": "25.2R2",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS Evolved",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "22.4R3-S8-EVO",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.2R2-S5-EVO",
                  "status": "affected",
                  "version": "23.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.4R2-S7-EVO",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.2R2-S2-EVO",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.4R2-EVO",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "semver"
                },
                {
                  "lessThan": "25.2R1-S1-EVO, 25.2R2-EVO",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-04-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An OS Command Injection vulnerability in the CLI processing of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker executing specific, crafted CLI commands to inject arbitrary shell commands as root, leading to a complete compromise of the system.\u003cbr\u003e\u003cbr\u003eCertain \u0027set system\u0027 commands, when executed with crafted arguments, are not properly sanitized, allowing for arbitrary shell injection. These shell commands are executed as root, potentially allowing for complete control of the vulnerable system.\u003cbr\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-S8,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S5,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S7,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R2-S2,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.4 before 24.4R2,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 25.2 before 25.2R2;\u0026nbsp;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-S8-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S5-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S7-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R2-S2-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.4 before 24.4R2-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 25.2 before 25.2R1-S1-EVO, 25.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "An OS Command Injection vulnerability in the CLI processing of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker executing specific, crafted CLI commands to inject arbitrary shell commands as root, leading to a complete compromise of the system.\n\nCertain \u0027set system\u0027 commands, when executed with crafted arguments, are not properly sanitized, allowing for arbitrary shell injection. These shell commands are executed as root, potentially allowing for complete control of the vulnerable system.\nThis issue affects:\n\nJunos OS:\u00a0\n\n\n\n  *  all versions before 22.4R3-S8,\u00a0\n  *  from 23.2 before 23.2R2-S5,\u00a0\n  *  from 23.4 before 23.4R2-S7,\u00a0\n  *  from 24.2 before 24.2R2-S2,\u00a0\n  *  from 24.4 before 24.4R2,\u00a0\n  *  from 25.2 before 25.2R2;\u00a0\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n  *  all versions before 22.4R3-S8-EVO,\u00a0\n  *  from 23.2 before 23.2R2-S5-EVO,\u00a0\n  *  from 23.4 before 23.4R2-S7-EVO,\u00a0\n  *  from 24.2 before 24.2R2-S2-EVO,\u00a0\n  *  from 24.4 before 24.4R2-EVO,\u00a0\n  *  from 25.2 before 25.2R1-S1-EVO, 25.2R2-EVO."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "privilegesRequired": "HIGH",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/V:C/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-22T14:48:22.085Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://kb.juniper.net/JSA107875"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA107875"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue: \u003cbr\u003eJunos OS 22.4R3-S8, 23.2R2-S5, 23.4R2-S7, 24.2R2-S2, 24.4R2, 25.2R2, 25.4R1\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, and all subsequent releases.\u003c/span\u003e\n\n\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eJunos OS Evolved 22.4R3-S8-EVO, 23.2R2-S5-EVO, 23.4R2-S7-EVO, 24.2R2-S2-EVO, 24.4R2-EVO, 25.2R1-S1-EVO, 25.2R2-EVO, 25.4R1-EVO\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, and all subsequent releases.\u003c/span\u003e\n\n\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue: \nJunos OS 22.4R3-S8, 23.2R2-S5, 23.4R2-S7, 24.2R2-S2, 24.4R2, 25.2R2, 25.4R1, and all subsequent releases.\n\n\n\n\nJunos OS Evolved 22.4R3-S8-EVO, 23.2R2-S5-EVO, 23.4R2-S7-EVO, 24.2R2-S2-EVO, 24.4R2-EVO, 25.2R1-S1-EVO, 25.2R2-EVO, 25.4R1-EVO, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA107875",
            "defect": [
              "1872082"
            ],
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-08T16:00:00.000Z",
              "value": "Initial Publication"
            },
            {
              "lang": "en",
              "time": "2026-04-22T16:00:00.000Z",
              "value": "Clarified that workarounds will prevent malicious exploitation"
            }
          ],
          "title": "Junos OS and Junos OS Evolved: Execution of crafted CLI commands allows for arbitrary shell injection as root",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "One of the following mitigations will prevent malicious exploitation:\u003cbr\u003e\u003cul\u003e\u003cli\u003eUse access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\u003c/li\u003e\u003cli\u003eAvoid configuring access to any part of the \u0027\u003ctt\u003eset system\u003c/tt\u003e\u0027\u200b stanza for non-privileged users.\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "One of the following mitigations will prevent malicious exploitation:\n  *  Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\n  *  Avoid configuring access to any part of the \u0027set system\u0027\u200b stanza for non-privileged users."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-33791",
        "datePublished": "2026-04-09T21:38:52.747Z",
        "dateReserved": "2026-03-23T19:46:13.672Z",
        "dateUpdated": "2026-04-22T14:48:22.085Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33784 (GCVE-0-2026-33784)

    Vulnerability from nvd – Published: 2026-04-09 21:36 – Updated: 2026-04-13 18:06
    VLAI
    Title
    JSI Virtual Lightweight Collector: Default password is not required to be changed which allows unauthorized high-privileged access
    Summary
    A Use of Default Password vulnerability in the Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows an unauthenticated, network-based attacker to take full control of the device. vLWC software images ship with an initial password for a high privileged account. A change of this password is not enforced during the provisioning of the software, which can make full access to the system by unauthorized actors possible.This issue affects all versions of vLWC before 3.0.94.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://kb.juniper.net/JSA107871 vendor-advisory
    Impacted products
    Vendor Product Version
    Juniper Networks JSI LWC Affected: 0 , < 3.0.94 (semver)
    Create a notification for this product.
    Date Public
    2026-04-08 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33784",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-13T17:54:25.395838Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-13T18:06:19.017Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "vLWC"
              ],
              "product": "JSI LWC",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "3.0.94",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-04-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Use of Default Password vulnerability in the Juniper Networks \n\nSupport Insights (JSI) \n\nVirtual Lightweight Collector (vLWC) allows an unauthenticated, network-based attacker to take full control of the device.\u003cbr\u003e\u003cbr\u003evLWC software images ship with an initial password for a high privileged account. A change of this password is not enforced during the provisioning of the software, which can make full access to the system by unauthorized actors possible.\u003cp\u003eThis issue affects all versions of vLWC before 3.0.94.\u003c/p\u003e"
                }
              ],
              "value": "A Use of Default Password vulnerability in the Juniper Networks \n\nSupport Insights (JSI) \n\nVirtual Lightweight Collector (vLWC) allows an unauthenticated, network-based attacker to take full control of the device.\n\nvLWC software images ship with an initial password for a high privileged account. A change of this password is not enforced during the provisioning of the software, which can make full access to the system by unauthorized actors possible.This issue affects all versions of vLWC before 3.0.94."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/RE:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1393",
                  "description": "CWE-1393 Use of Default Password",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-09T21:36:37.519Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://kb.juniper.net/JSA107871"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue: 3.0.94, and all subsequent releases.\u003cbr\u003e"
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue: 3.0.94, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA107871",
            "defect": [
              "JDEF-1032"
            ],
            "discovery": "INTERNAL"
          },
          "title": "JSI Virtual Lightweight Collector: Default password is not required to be changed which allows unauthorized high-privileged access",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The password can be changed in the setup menu of the device, which is described at\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.juniper.net/documentation/us/en/software/jsi/vlwc-deploy/topics/topic-map/configure-settings-jsi-shell.html\"\u003eConfigure Network Settings through JSI Shell | Juniper Support Insights | Juniper Networks\u003c/a\u003e"
                }
              ],
              "value": "The password can be changed in the setup menu of the device, which is described at\u00a0 Configure Network Settings through JSI Shell | Juniper Support Insights | Juniper Networks https://www.juniper.net/documentation/us/en/software/jsi/vlwc-deploy/topics/topic-map/configure-settings-jsi-shell.html"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-33784",
        "datePublished": "2026-04-09T21:36:37.519Z",
        "dateReserved": "2026-03-23T19:46:13.670Z",
        "dateUpdated": "2026-04-13T18:06:19.017Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33780 (GCVE-0-2026-33780)

    Vulnerability from nvd – Published: 2026-04-09 21:29 – Updated: 2026-04-13 18:06
    VLAI
    Title
    Junos OS and Junos OS Evolved: In an EVPN-MPLS scenario churn of ESI routes causes a memory leak in l2ald
    Summary
    A Missing Release of Memory after Effective Lifetime vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a memory leak ultimately leading to a Denial of Service (DoS). In an EVPN-MPLS scenario, routes learned from remote multi-homed Provider Edge (PE) devices are programmed as ESI routes. Due to a logic issue in the l2ald memory management, memory allocated for these routes is not released when there is churn for these routes. As a result, memory leaks in the l2ald process which will ultimately lead to a crash and restart of l2ald. Use the following command to monitor the memory consumption by l2ald: user@device> show system process extensive | match "PID|l2ald" This issue affects: Junos OS: * all versions before 22.4R3-S5, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R2; Junos OS Evolved: * all versions before 22.4R3-S5-EVO, * 23.2 versions before 23.2R2-S3-EVO, * 23.4 versions before 23.4R2-S4-EVO, * 24.2 versions before 24.2R2-EVO.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner
    References
    URL Tags
    https://kb.juniper.net/JSA107819 vendor-advisory
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 0 , < 22.4R3-S5 (semver)
    Affected: 23.2 , < 23.2R2-S3 (semver)
    Affected: 23.4 , < 23.4R2-S4 (semver)
    Affected: 24.2 , < 24.2R2 (semver)
    Create a notification for this product.
    Juniper Networks Junos OS Evolved Affected: all version prior to , < 22.4R3-S5-EVO (semver)
    Affected: 23.2 , < 23.2R2-S3-EVO (semver)
    Affected: 23.4 , < 23.4R2-S4-EVO (semver)
    Affected: 24.2 , < 24.2R2-EVO (semver)
    Create a notification for this product.
    Date Public
    2026-04-08 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33780",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-13T17:39:43.706961Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-13T18:06:19.950Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "22.4R3-S5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.2R2-S3",
                  "status": "affected",
                  "version": "23.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.4R2-S4",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.2R2",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS Evolved",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "22.4R3-S5-EVO",
                  "status": "affected",
                  "version": "all version prior to",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.2R2-S3-EVO",
                  "status": "affected",
                  "version": "23.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.4R2-S4-EVO",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.2R2-EVO",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003eTo be exposed to this issue the device must be configured for EVPN-MPLS. Refer to product documentation for how to configure EVPN-MPLS as there are different configuration options.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "To be exposed to this issue the device must be configured for EVPN-MPLS. Refer to product documentation for how to configure EVPN-MPLS as there are different configuration options."
            }
          ],
          "datePublic": "2026-04-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the\u0026nbsp;Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a memory leak ultimately leading to a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003e\n\nIn an EVPN-MPLS scenario, routes learned from remote multi-homed Provider Edge (PE) devices are programmed as ESI routes. Due to a logic issue in the l2ald memory management, memory allocated for these routes is not released when there is churn for these routes. As a result, memory leaks in the l2ald process which will ultimately lead to a crash and restart of l2ald.\u003cbr\u003e\u003cbr\u003eUse the following command to monitor the memory consumption by l2ald:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003euser@device\u0026gt; show system process extensive | match \"PID|l2ald\"\u003c/tt\u003e \n\n\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-S5,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S3,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S4,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-S5-EVO,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S3-EVO,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S4-EVO,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the\u00a0Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a memory leak ultimately leading to a Denial of Service (DoS).\n\n\n\nIn an EVPN-MPLS scenario, routes learned from remote multi-homed Provider Edge (PE) devices are programmed as ESI routes. Due to a logic issue in the l2ald memory management, memory allocated for these routes is not released when there is churn for these routes. As a result, memory leaks in the l2ald process which will ultimately lead to a crash and restart of l2ald.\n\nUse the following command to monitor the memory consumption by l2ald:\n\nuser@device\u003e show system process extensive | match \"PID|l2ald\" \n\n\n\nThis issue affects:\n\nJunos OS:\n\n\n\n  *  all versions before 22.4R3-S5,\n  *  23.2 versions before 23.2R2-S3,\n  *  23.4 versions before 23.4R2-S4,\n  *  24.2 versions before 24.2R2;\n\n\n\n\nJunos OS Evolved:\n\n\n\n  *  all versions before 22.4R3-S5-EVO,\n  *  23.2 versions before 23.2R2-S3-EVO,\n  *  23.4 versions before 23.4R2-S4-EVO,\n  *  24.2 versions before 24.2R2-EVO."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "CWE-401 Missing Release of Memory after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-09T21:29:20.534Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://kb.juniper.net/JSA107819"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue: \u003cbr\u003eJunos OS Evolved: 22.4R3-S5-EVO, 23.2R2-S3-EVO, 23.4R2-S4-EVO, 24.2R2-EVO, 24.4R1-EVO,\u0026nbsp;and all subsequent releases;\u003cbr\u003eJunos OS: 22.4R3-S5, 23.2R2-S3, 23.4R2-S4, 24.2R2, 24.4R1, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue: \nJunos OS Evolved: 22.4R3-S5-EVO, 23.2R2-S3-EVO, 23.4R2-S4-EVO, 24.2R2-EVO, 24.4R1-EVO,\u00a0and all subsequent releases;\nJunos OS: 22.4R3-S5, 23.2R2-S3, 23.4R2-S4, 24.2R2, 24.4R1, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA107819",
            "defect": [
              "1824956"
            ],
            "discovery": "USER"
          },
          "title": "Junos OS and Junos OS Evolved: In an EVPN-MPLS scenario churn of ESI routes causes a memory leak in l2ald",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue."
                }
              ],
              "value": "There are no known workarounds for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-33780",
        "datePublished": "2026-04-09T21:29:20.534Z",
        "dateReserved": "2026-03-23T19:46:13.669Z",
        "dateUpdated": "2026-04-13T18:06:19.950Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33776 (GCVE-0-2026-33776)

    Vulnerability from nvd – Published: 2026-04-09 21:34 – Updated: 2026-04-10 14:13
    VLAI
    Title
    Junos OS and Junos OS Evolved: Specific low privileged CLI command exposes sensitive information
    Summary
    A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user with low privileges to read sensitive information. A local user with low privileges can execute the CLI command 'show mgd' with specific arguments which will expose sensitive information. This issue affects Junos OS: * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S6, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S4, * 24.4 versions before 24.4R2-S1, * 25.2 version before 25.2R1-S2, 25.2R2; Junos OS Evolved: * all versions before 23.2R2-S6-EVO, * 23.4 version before 23.4R2-S6-EVO, * 24.2 version before 24.2R2-S4-EVO, * 24.4 versions before 24.4R2-S1-EVO, * 25.2 versions before 25.2R2-EVO.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://kb.juniper.net/JSA107866 vendor-advisory
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 0 , < 22.4R3-S8 (semver)
    Affected: 23.2 , < 23.2R2-S6 (semver)
    Affected: 23.4 , < 23.4R2-S6 (semver)
    Affected: 24.2 , < 24.2R2-S4 (semver)
    Affected: 24.4 , < 24.4R2-S1 (semver)
    Affected: 25.2 , < 25.2R1-S2, 25.2R2 (semver)
    Create a notification for this product.
    Juniper Networks Junos OS Evolved Affected: 0 , < 23.2R2-S6-EVO (semver)
    Affected: 23.4 , < 23.4R2-S6-EVO (semver)
    Affected: 24.2 , < 24.2R2-S4-EVO (semver)
    Affected: 24.4 , < 24.4R2-S1-EVO (semver)
    Affected: 25.2 , < 25.2R2-EVO (semver)
    Create a notification for this product.
    Date Public
    2026-04-08 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33776",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-10T14:12:01.071120Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-10T14:13:45.754Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "22.4R3-S8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.2R2-S6",
                  "status": "affected",
                  "version": "23.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.4R2-S6",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.2R2-S4",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.4R2-S1",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "semver"
                },
                {
                  "lessThan": "25.2R1-S2, 25.2R2",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS Evolved",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "23.2R2-S6-EVO",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.4R2-S6-EVO",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.2R2-S4-EVO",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.4R2-S1-EVO",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "semver"
                },
                {
                  "lessThan": "25.2R2-EVO",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-04-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user with low privileges to read sensitive information.\u003cbr\u003e\u003cbr\u003eA local user with low privileges can execute the CLI command \u0027show mgd\u0027 with specific arguments which will expose sensitive information.\u003cbr\u003e\u003cbr\u003eThis issue affects\u003cbr\u003e\u003cbr\u003eJunos OS:\u003cbr\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-S8,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S6,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S6,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S4,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2-S1,\u003c/li\u003e\u003cli\u003e25.2 version before 25.2R1-S2, 25.2R2;\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eJunos OS Evolved:\u003cbr\u003e\u003cul\u003e\u003cli\u003eall versions before 23.2R2-S6-EVO,\u003c/li\u003e\u003cli\u003e23.4 version before 23.4R2-S6-EVO,\u003c/li\u003e\u003cli\u003e24.2 version before 24.2R2-S4-EVO,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2-S1-EVO,\u003c/li\u003e\u003cli\u003e25.2 versions before 25.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
                }
              ],
              "value": "A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user with low privileges to read sensitive information.\n\nA local user with low privileges can execute the CLI command \u0027show mgd\u0027 with specific arguments which will expose sensitive information.\n\nThis issue affects\n\nJunos OS:\n  *  all versions before 22.4R3-S8,\n  *  23.2 versions before 23.2R2-S6,\n  *  23.4 versions before 23.4R2-S6,\n  *  24.2 versions before 24.2R2-S4,\n  *  24.4 versions before 24.4R2-S1,\n  *  25.2 version before 25.2R1-S2, 25.2R2;\n\n\n\nJunos OS Evolved:\n  *  all versions before 23.2R2-S6-EVO,\n  *  23.4 version before 23.4R2-S6-EVO,\n  *  24.2 version before 24.2R2-S4-EVO,\n  *  24.4 versions before 24.4R2-S1-EVO,\n  *  25.2 versions before 25.2R2-EVO."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/AU:Y/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-09T21:34:50.469Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://kb.juniper.net/JSA107866"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS Evolved: 23.2R2-S6-EVO, 23.4R2-S6-EVO, 2\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e4.2R2-S4-EVO, 2\u003c/span\u003e4.4R2-S1-EVO, 25.2R2-EVO, 25.4R1-EVO, and all subsequent releases;\u003cbr\u003eJunos OS: 22.4R3-S8, 23.2R2-S6, 23.4R2-S6, 24.2R2-S4, 24.4R2-S1, 25.2R1-S2, 25.2R2, 25.4R1, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue:\nJunos OS Evolved: 23.2R2-S6-EVO, 23.4R2-S6-EVO, 24.2R2-S4-EVO, 24.4R2-S1-EVO, 25.2R2-EVO, 25.4R1-EVO, and all subsequent releases;\nJunos OS: 22.4R3-S8, 23.2R2-S6, 23.4R2-S6, 24.2R2-S4, 24.4R2-S1, 25.2R1-S2, 25.2R2, 25.4R1, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA107866",
            "defect": [
              "1704886"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Junos OS and Junos OS Evolved: Specific low privileged CLI command exposes sensitive information",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUtilize CLI authorization to disallow execution of the \u0027\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eshow mgd\u0027\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;commands.\u003c/span\u003e\n\n\u003cbr\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\n\nUtilize CLI authorization to disallow execution of the \u0027show mgd\u0027\u00a0commands."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-33776",
        "datePublished": "2026-04-09T21:34:50.469Z",
        "dateReserved": "2026-03-23T19:46:13.669Z",
        "dateUpdated": "2026-04-10T14:13:45.754Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33771 (GCVE-0-2026-33771)

    Vulnerability from nvd – Published: 2026-04-09 21:33 – Updated: 2026-04-13 18:06
    VLAI
    Title
    CTP OS: Configuring password requirements does not work which permits the use of weak passwords
    Summary
    A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentially take full control of the device. The password management menu enables the administrator to set password complexity requirements, but these settings are not saved. The issue can be verified with the menu option "Show password requirements". Failure to enforce the intended requirements can lead to weak passwords being used, which significantly increases the likelihood that an attacker can guess these and subsequently attain unauthorized access. This issue affects CTP OS versions 9.2R1 and 9.2R2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-521 - Weak Password Requirements
    Assigner
    References
    URL Tags
    https://kb.juniper.net/JSA107864 vendor-advisory
    Impacted products
    Vendor Product Version
    Juniper Networks CTP OS Affected: 9.2R1 , ≤ 9.2R2 (semver)
    Create a notification for this product.
    Date Public
    2026-04-08 04:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33771",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-13T17:53:27.069919Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-13T18:06:19.274Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CTP OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThanOrEqual": "9.2R2",
                  "status": "affected",
                  "version": "9.2R1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-04-08T04:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentially take full control of the device.\u003cbr\u003e\u003cbr\u003eThe password management menu enables the administrator to set password complexity requirements, but these settings are not saved. The issue can be verified with the menu option \"Show password requirements\". Failure to enforce the intended requirements can lead to weak passwords being used, which significantly increases the likelihood that an attacker can guess these and subsequently attain unauthorized access.\u003cbr\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects CTP OS versions 9.2R1 and 9.2R2.\u003c/p\u003e"
                }
              ],
              "value": "A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentially take full control of the device.\n\nThe password management menu enables the administrator to set password complexity requirements, but these settings are not saved. The issue can be verified with the menu option \"Show password requirements\". Failure to enforce the intended requirements can lead to weak passwords being used, which significantly increases the likelihood that an attacker can guess these and subsequently attain unauthorized access.\n\n\n\nThis issue affects CTP OS versions 9.2R1 and 9.2R2."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/AU:Y/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-521",
                  "description": "CWE-521 Weak Password Requirements",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-09T21:33:57.007Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://kb.juniper.net/JSA107864"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue: 9.3R1, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue: 9.3R1, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA107864",
            "defect": [
              "1924398"
            ],
            "discovery": "USER"
          },
          "title": "CTP OS: Configuring password requirements does not work which permits the use of weak passwords",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\u003cbr\u003e"
                }
              ],
              "value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-33771",
        "datePublished": "2026-04-09T21:33:57.007Z",
        "dateReserved": "2026-03-23T19:46:13.667Z",
        "dateUpdated": "2026-04-13T18:06:19.274Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21919 (GCVE-0-2026-21919)

    Vulnerability from nvd – Published: 2026-04-09 21:26 – Updated: 2026-04-13 18:06
    VLAI
    Title
    Junos OS and Junos OS Evolved: A high frequency of connecting and disconnecting NETCONF sessions causes management unavailability
    Summary
    An Incorrect Synchronization vulnerability in the management daemon (mgd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker with low privileges to cause a complete Denial-of-Service (DoS) of the management plane. When NETCONF sessions are quickly established and disconnected, a locking issue causes mgd processes to hang in an unusable state. When the maximum number of mgd processes has been reached, no new logins are possible. This leads to the inability to manage the device and requires a power-cycle to recover. This issue can be monitored by checking for mgd processes in lockf state in the output of 'show system processes extensive': user@host> show system processes extensive | match mgd <pid> root       20   0 501M 4640K lockf   1 0:01 0.00% mgd If the system still can be accessed (either via the CLI or as root, which might still be possible as last resort as this won't invoke mgd), mgd processes in this state can be killed with 'request system process terminate <PID>' from the CLI or with 'kill -9 <PID>' from the shell.  This issue affects: Junos OS: * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R2-S1, * 24.4 versions before 24.4R1-S3, 24.4R2; This issue does not affect Junos OS versions before 23.4R1; Junos OS Evolved: * 23.4 versions before 23.4R2-S5-EVO, * 24.2 versions before 24.2R2-S1-EVO, * 24.4 versions before 24.4R1-S3-EVO, 24.4R2-EVO. This issue does not affect Junos OS Evolved versions before 23.4R1-EVO;
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-821 - Incorrect Synchronization
    Assigner
    References
    URL Tags
    https://kb.juniper.net/JSA106019 vendor-advisory
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 23.4 , < 23.4R2-S4 (semver)
    Affected: 24.2 , < 24.2R2-S1 (semver)
    Affected: 24.4 , < 24.4R1-S3, 24.4R2 (semver)
    Unaffected: all version prior to , < 23.4R1 (semver)
    Create a notification for this product.
    Juniper Networks Junos OS Evolved Affected: 23.4 , < 23.4R2-S5-EVO (semver)
    Affected: 24.2 , < 24.2R2-S1-EVO (semver)
    Affected: 24.4 , < 24.4R1-S3-EVO, 24.4R2-EVO (semver)
    Unaffected: all version prior to , < 23.4R1-EVO (semver)
    Create a notification for this product.
    Date Public
    2026-04-08 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21919",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-13T17:38:59.428723Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-13T18:06:20.368Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "23.4R2-S4",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.2R2-S1",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.4R1-S3, 24.4R2",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.4R1",
                  "status": "unaffected",
                  "version": "all version prior to",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS Evolved",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "23.4R2-S5-EVO",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.2R2-S1-EVO",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.4R1-S3-EVO, 24.4R2-EVO",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.4R1-EVO",
                  "status": "unaffected",
                  "version": "all version prior to",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "To be exposed to this issue the device needs to be configured for NETCONF as follows:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ system services\u0026nbsp;netconf ... ]\u003c/tt\u003e"
                }
              ],
              "value": "To be exposed to this issue the device needs to be configured for NETCONF as follows:\n\n[ system services\u00a0netconf ... ]"
            }
          ],
          "datePublic": "2026-04-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Incorrect Synchronization vulnerability in the management daemon (mgd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker with low privileges to cause a complete Denial-of-Service (DoS) of the management plane.\u003cbr\u003e\u003cbr\u003eWhen NETCONF sessions are quickly established and disconnected, a locking issue causes mgd processes to hang in an unusable state. When the maximum number of mgd processes has been reached, no new logins are possible. This leads to the inability to manage the device and requires a power-cycle to recover.\u003cbr\u003e\u003cbr\u003eThis issue can be monitored by checking for mgd processes in lockf state in the output of \u0027show system processes extensive\u0027:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003euser@host\u0026gt; show system processes extensive | match mgd\u003cbr\u003e\u0026lt;pid\u0026gt; root  \u0026nbsp; \u0026nbsp; \u0026nbsp;  20  \u0026nbsp; 0   501M  4640K lockf  \u0026nbsp; 1   0:01   0.00% mgd\u003c/tt\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eIf the system still can be accessed (either via the CLI or as root, which might still be possible as last resort as this won\u0027t invoke mgd), mgd processes in this state can be killed with \u0027request system process terminate \u0026lt;PID\u0026gt;\u0027 from the CLI or with \u0027kill -9 \u0026lt;PID\u0026gt;\u0027 from the shell.\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS:\u003c/p\u003e\u003cul\u003e\u003cli\u003e23.4 versions before 23.4R2-S4,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S1,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R1-S3, 24.4R2;\u003c/li\u003e\u003c/ul\u003e\n\n\u003cp\u003eThis issue does not affect Junos OS versions before 23.4R1;\u003c/p\u003e\n\n\u003cp\u003eJunos OS Evolved:\u003c/p\u003e\u003cul\u003e\u003cli\u003e23.4 versions before 23.4R2-S5-EVO,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S1-EVO,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R1-S3-EVO, 24.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eThis issue does not affect Junos OS Evolved versions before 23.4R1-EVO;\u003c/p\u003e\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "An Incorrect Synchronization vulnerability in the management daemon (mgd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker with low privileges to cause a complete Denial-of-Service (DoS) of the management plane.\n\nWhen NETCONF sessions are quickly established and disconnected, a locking issue causes mgd processes to hang in an unusable state. When the maximum number of mgd processes has been reached, no new logins are possible. This leads to the inability to manage the device and requires a power-cycle to recover.\n\nThis issue can be monitored by checking for mgd processes in lockf state in the output of \u0027show system processes extensive\u0027:\n\nuser@host\u003e show system processes extensive | match mgd\n\u003cpid\u003e root  \u00a0 \u00a0 \u00a0  20  \u00a0 0   501M  4640K lockf  \u00a0 1   0:01   0.00% mgd\n\n\nIf the system still can be accessed (either via the CLI or as root, which might still be possible as last resort as this won\u0027t invoke mgd), mgd processes in this state can be killed with \u0027request system process terminate \u003cPID\u003e\u0027 from the CLI or with \u0027kill -9 \u003cPID\u003e\u0027 from the shell.\u00a0\n\n\n\n\nThis issue affects:\n\nJunos OS:\n\n  *  23.4 versions before 23.4R2-S4,\n  *  24.2 versions before 24.2R2-S1,\n  *  24.4 versions before 24.4R1-S3, 24.4R2;\n\n\n\n\nThis issue does not affect Junos OS versions before 23.4R1;\n\n\n\nJunos OS Evolved:\n\n  *  23.4 versions before 23.4R2-S5-EVO,\n  *  24.2 versions before 24.2R2-S1-EVO,\n  *  24.4 versions before 24.4R1-S3-EVO, 24.4R2-EVO.\n\n\n\n\n\n\nThis issue does not affect Junos OS Evolved versions before 23.4R1-EVO;"
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:Y/R:U/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-821",
                  "description": "CWE-821 Incorrect Synchronization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-09T21:26:46.081Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://kb.juniper.net/JSA106019"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS Evolved: 23.4R2-S5-EVO, 24.2R2-S1-EVO, 24.4R1-S3-EVO, 24.4R2-EVO, 25.2R1-EVO,\u0026nbsp;and all subsequent releases;\u003cbr\u003eJunos OS: 23.4R2-S4, 24.2R2-S1, 24.4R1-S3, 24.4R2, 25.2R1, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue:\nJunos OS Evolved: 23.4R2-S5-EVO, 24.2R2-S1-EVO, 24.4R1-S3-EVO, 24.4R2-EVO, 25.2R1-EVO,\u00a0and all subsequent releases;\nJunos OS: 23.4R2-S4, 24.2R2-S1, 24.4R1-S3, 24.4R2, 25.2R1, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA106019",
            "defect": [
              "1866577"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Junos OS and Junos OS Evolved: A high frequency of connecting and disconnecting NETCONF sessions causes management unavailability",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use access lists or firewall filters to limit access to the device only from trusted hosts and administrators.\u003cbr\u003e\u003cbr\u003eTo further reduce the risk of exploitation you can set values as low as needed for your normal operations for:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ system services netconf\u0026nbsp;ssh\u0026nbsp;connection-limit \u0026lt;max_connections\u0026gt; ]\u003cbr\u003e[ system services netconf ssh\u0026nbsp;rate-limit \u0026lt;connections_per_minute\u0026gt; ]\u003c/tt\u003e\u003cbr\u003e"
                }
              ],
              "value": "Use access lists or firewall filters to limit access to the device only from trusted hosts and administrators.\n\nTo further reduce the risk of exploitation you can set values as low as needed for your normal operations for:\n\n[ system services netconf\u00a0ssh\u00a0connection-limit \u003cmax_connections\u003e ]\n[ system services netconf ssh\u00a0rate-limit \u003cconnections_per_minute\u003e ]"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-21919",
        "datePublished": "2026-04-09T21:26:46.081Z",
        "dateReserved": "2026-01-05T17:32:48.711Z",
        "dateUpdated": "2026-04-13T18:06:20.368Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21916 (GCVE-0-2026-21916)

    Vulnerability from nvd – Published: 2026-04-09 21:28 – Updated: 2026-04-13 13:04
    VLAI
    Title
    Junos OS: A low privileged user can escalate their privileges so that they can login as root
    Summary
    A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which will lead to a complete compromise of the system. When after a user has performed a specific 'file link ...' CLI operation, another user commits (unrelated configuration changes), the first user can login as root. This issue affects Junos OS: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S3, * 24.4 versions before 24.4R2-S2, * 25.2 versions before 25.2R2. This issue does not affect versions 25.4R1 or later.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-61 - UNIX Symbolic Link (Symlink) Following
    Assigner
    References
    URL Tags
    https://kb.juniper.net/JSA107807 vendor-advisory
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 0 , < 23.2R2-S7 (semver)
    Affected: 23.4 , < 23.4R2-S6 (semver)
    Affected: 24.2 , < 24.2R2-S3 (semver)
    Affected: 24.4 , < 24.4R2-S2 (semver)
    Affected: 25.2 , < 25.2R2 (semver)
    Unaffected: 25.4R1
    Create a notification for this product.
    Date Public
    2026-04-08 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21916",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-10T03:56:11.604149Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-13T13:04:16.395Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "23.2R2-S7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.4R2-S6",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.2R2-S3",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.4R2-S2",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "semver"
                },
                {
                  "lessThan": "25.2R2",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "25.4R1"
                }
              ]
            }
          ],
          "datePublic": "2026-04-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which will lead to a complete compromise of the system.\u003cbr\u003e\u003cbr\u003eWhen after a user has performed a specific \u0027file link ...\u0027 CLI operation, another user commits (unrelated configuration changes), the first user can login as root.\u003cbr\u003e\u003cbr\u003eThis issue affects Junos OS:\u003cbr\u003e\u003cul\u003e\u003cli\u003eall versions before 23.2R2-S7,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S6,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S3,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2-S2,\u003c/li\u003e\u003cli\u003e25.2 versions before 25.2R2.\u003c/li\u003e\u003c/ul\u003eThis issue does not affect versions 25.4R1 or later."
                }
              ],
              "value": "A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which will lead to a complete compromise of the system.\n\nWhen after a user has performed a specific \u0027file link ...\u0027 CLI operation, another user commits (unrelated configuration changes), the first user can login as root.\n\nThis issue affects Junos OS:\n  *  all versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S6,\n  *  24.2 versions before 24.2R2-S3,\n  *  24.4 versions before 24.4R2-S2,\n  *  25.2 versions before 25.2R2.\n\n\nThis issue does not affect versions 25.4R1 or later."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-61",
                  "description": "CWE-61 UNIX Symbolic Link (Symlink) Following",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-09T21:28:05.552Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://kb.juniper.net/JSA107807"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue: 23.2R2-S7, 23.4R2-S6, 24.2R2-S3, 24.4R2-S2, 25.2R2, and all subsequent releases.\u003cbr\u003e"
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue: 23.2R2-S7, 23.4R2-S6, 24.2R2-S3, 24.4R2-S2, 25.2R2, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA107807",
            "defect": [
              "1865633"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Junos OS: A low privileged user can escalate their privileges so that they can login as root",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "To prevent exploitation, use access controls to keep users from performing \u0027file link\u0027 operations."
                }
              ],
              "value": "To prevent exploitation, use access controls to keep users from performing \u0027file link\u0027 operations."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-21916",
        "datePublished": "2026-04-09T21:28:05.552Z",
        "dateReserved": "2026-01-05T17:32:48.711Z",
        "dateUpdated": "2026-04-13T13:04:16.395Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21915 (GCVE-0-2026-21915)

    Vulnerability from nvd – Published: 2026-04-09 21:26 – Updated: 2026-04-13 13:04
    VLAI
    Title
    JSI Virtual Lightweight Collector: Shell escape allows privilege escalation to root
    Summary
    A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows a local, high privileged attacker to escalate their privileges to root. The CLI menu accepts input without carefully validating it, which allows for shell command injection. These shell commands are executed with root permissions and can be used to gain complete control of the system. This issue affects all JSI vLWC versions before 3.0.94.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-183 - Permissive List of Allowed Input
    Assigner
    References
    URL Tags
    https://kb.juniper.net/JSA106016 vendor-advisory
    Impacted products
    Vendor Product Version
    Juniper Networks JSI LWC Affected: 0 , < 3.0.94 (semver)
    Create a notification for this product.
    Date Public
    2026-04-08 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21915",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-10T03:56:14.461955Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-13T13:04:16.101Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "vLWC"
              ],
              "product": "JSI LWC",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "3.0.94",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-04-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows a local, high privileged attacker to escalate their privileges to root.\u003cbr\u003e\u003cbr\u003eThe CLI menu accepts input without carefully validating it, which allows for shell command injection. These shell commands are executed with root permissions and can be used to gain complete control of the system.\u003cbr\u003e\u003cbr\u003eThis issue affects all JSI vLWC versions before 3.0.94."
                }
              ],
              "value": "A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows a local, high privileged attacker to escalate their privileges to root.\n\nThe CLI menu accepts input without carefully validating it, which allows for shell command injection. These shell commands are executed with root permissions and can be used to gain complete control of the system.\n\nThis issue affects all JSI vLWC versions before 3.0.94."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/R:U/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-183",
                  "description": "CWE-183 Permissive List of Allowed Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-09T21:26:28.357Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://kb.juniper.net/JSA106016"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue: 3.0.94, and all subsequent releases.\n\n\u003cbr\u003e"
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue: 3.0.94, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA106016",
            "defect": [
              "JDEF-980"
            ],
            "discovery": "USER"
          },
          "title": "JSI Virtual Lightweight Collector: Shell escape allows privilege escalation to root",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\u003cbr\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-21915",
        "datePublished": "2026-04-09T21:26:28.357Z",
        "dateReserved": "2026-01-05T17:32:48.711Z",
        "dateUpdated": "2026-04-13T13:04:16.101Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21904 (GCVE-0-2026-21904)

    Vulnerability from nvd – Published: 2026-04-09 21:26 – Updated: 2026-04-10 14:14
    VLAI
    Title
    Junos Space: ilpFilter field on nLegacy.jsp is vulnerable to reflected cross-site script injection
    Summary
    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the list filter field that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator. This issue affects all versions of Junos Space before 24.1R5 Patch V3.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    References
    URL Tags
    https://kb.juniper.net/JSA106003 vendor-advisory
    Impacted products
    Vendor Product Version
    Juniper Networks Junos Space Affected: 0 , < 24.1R5 Patch V3 (semver)
    Create a notification for this product.
    Date Public
    2026-04-08 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21904",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-10T14:14:36.676713Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-10T14:14:55.321Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Junos Space",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "24.1R5 Patch V3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-04-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the \n\nlist filter field that, when visited by another user, enables the attacker to execute commands with the target\u0027s permissions, including an administrator.\u003cbr\u003e\u003cbr\u003eThis issue affects all versions of Junos Space before 24.1R5 Patch V3."
                }
              ],
              "value": "An Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the \n\nlist filter field that, when visited by another user, enables the attacker to execute commands with the target\u0027s permissions, including an administrator.\n\nThis issue affects all versions of Junos Space before 24.1R5 Patch V3."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-09T21:26:09.896Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://kb.juniper.net/JSA106003"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue: 24.1R5 Patch V3, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue: 24.1R5 Patch V3, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA106003",
            "defect": [
              "1837738"
            ],
            "discovery": "USER"
          },
          "title": "Junos Space: ilpFilter field on nLegacy.jsp is vulnerable to reflected cross-site script injection",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue."
                }
              ],
              "value": "There are no known workarounds for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-21904",
        "datePublished": "2026-04-09T21:26:09.896Z",
        "dateReserved": "2026-01-05T17:32:48.709Z",
        "dateUpdated": "2026-04-10T14:14:55.321Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13914 (GCVE-0-2025-13914)

    Vulnerability from nvd – Published: 2026-04-09 21:32 – Updated: 2026-04-14 14:35
    VLAI
    Title
    Apstra: SSH host key validation vulnerability for managed devices
    Summary
    A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows a unauthenticated, MITM attacker to impersonate managed devices. Due to insufficient SSH host key validation an attacker can perform a machine-in-the-middle attack on the SSH connections from Apstra to managed devices, enabling an attacker to impersonate a managed device and capture user credentials. This issue affects all versions of Apstra before 6.1.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-322 - Key Exchange without Entity Authentication
    Assigner
    References
    URL Tags
    https://kb.juniper.net/JSA107862 vendor-advisory
    Impacted products
    Vendor Product Version
    Juniper Networks Apstra Affected: 0 , < 6.1.1 (semver)
    Create a notification for this product.
    Date Public
    2026-04-08 10:16
    Credits
    Juniper SIRT would like to acknowledge and thank the Federal Office for Information Security (BSI) for responsibly reporting this vulnerability.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13914",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-14T14:35:08.217958Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-14T14:35:15.915Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Apstra",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "6.1.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Juniper SIRT would like to acknowledge and thank the Federal Office for Information Security (BSI) for responsibly reporting this vulnerability."
            }
          ],
          "datePublic": "2026-04-08T10:16:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows a unauthenticated, M\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eITM \u003c/span\u003e\n\nattacker to impersonate managed devices.\u003cbr\u003e\u003cbr\u003eDue to insufficient SSH host key validation an attacker can perform a machine-in-the-middle attack on the SSH connections from Apstra to managed devices, enabling an attacker to impersonate a managed device and capture user credentials.\u003cbr\u003e\u003cbr\u003eThis issue affects all versions of\u0026nbsp;Apstra before 6.1.1."
                }
              ],
              "value": "A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows a unauthenticated, MITM \n\nattacker to impersonate managed devices.\n\nDue to insufficient SSH host key validation an attacker can perform a machine-in-the-middle attack on the SSH connections from Apstra to managed devices, enabling an attacker to impersonate a managed device and capture user credentials.\n\nThis issue affects all versions of\u00a0Apstra before 6.1.1."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/R:U/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-322",
                  "description": "CWE-322 Key Exchange without Entity Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-09T21:32:14.834Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://kb.juniper.net/JSA107862"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following\nsoftware releases have been updated to resolve this specific issue:\u0026nbsp;Apstra 6.1.1, and all subsequent releases.\u003cbr\u003e"
                }
              ],
              "value": "The following\nsoftware releases have been updated to resolve this specific issue:\u00a0Apstra 6.1.1, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA107862",
            "defect": [
              "AOS-56131"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Apstra: SSH host key validation vulnerability for managed devices",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue."
                }
              ],
              "value": "There are no known workarounds for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2025-13914",
        "datePublished": "2026-04-09T21:32:14.834Z",
        "dateReserved": "2025-12-02T17:48:47.280Z",
        "dateUpdated": "2026-04-14T14:35:15.915Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57028 (GCVE-0-2026-57028)

    Vulnerability from cvelistv5 – Published: 2026-07-09 21:08 – Updated: 2026-07-10 14:37
    VLAI
    Title
    Junos OS Evolved: A port which has been inadvertently exposed can be reached by an attacker
    Summary
    An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause license exhaustion. Due to an incorrect initialization, a process which should only be able to communicate internally within the device, can be reached over the network via an open port. This leads to unauthorized access to the license management. This issue affects all Junos OS Evolved versions before 23.2R2-EVO.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Evolved Affected: 0 , < 23.2R2-EVO (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57028",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T14:37:11.630273Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T14:37:21.433Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS Evolved",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "23.2R2-EVO",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause license exhaustion\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003eDue to an incorrect initialization, a process which should only be able to communicate internally within the device, can be reached over the network via an open port. This leads to unauthorized access to the license management.\u003c/p\u003e\u003cp\u003eThis issue affects all Junos OS Evolved versions before 23.2R2-EVO.\u003cbr\u003e\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause license exhaustion.\n\n\nDue to an incorrect initialization, a process which should only be able to communicate internally within the device, can be reached over the network via an open port. This leads to unauthorized access to the license management.\n\nThis issue affects all Junos OS Evolved versions before 23.2R2-EVO."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/AU:Y/R:U/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-923",
                  "description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T21:08:25.702Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA110088"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS Evolved: 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS Evolved: 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA110088",
            "defect": [
              "1729581"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Junos OS Evolved: A port which has been inadvertently exposed can be reached by an attacker",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue.\u003cbr\u003e\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease ensure that your control plane protection only explicitly permits access to ports intended to be reachable and only from authorized endpoints. All other traffic destined to the control plane should be disallowed.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "There are no known workarounds for this issue.\n\n\n\nPlease ensure that your control plane protection only explicitly permits access to ports intended to be reachable and only from authorized endpoints. All other traffic destined to the control plane should be disallowed."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-57028",
        "datePublished": "2026-07-09T21:08:25.702Z",
        "dateReserved": "2026-06-23T16:27:00.248Z",
        "dateUpdated": "2026-07-10T14:37:21.433Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33803 (GCVE-0-2026-33803)

    Vulnerability from cvelistv5 – Published: 2026-07-09 21:04 – Updated: 2026-07-10 13:30
    VLAI
    Title
    Junos OS Evolved: A port which has been inadvertently exposed can be reached by an attacker
    Summary
    An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device. Due to a wrong initialization, a process which should only be able to communicate internally within the device can be reached over the network via an open port. This leads to a device being inadvertently exposed and increased CPU cycles spent processing ingress packets. This issue affects Junos OS Evolved: * all versions before 23.2R2-S7-EVO, * 23.4 versions before 23.4R2-S8-EVO, * 24.2 versions before 24.2R2-S5-EVO, * 24.4 versions before 24.4R2-S4-EVO, * 25.2 versions before 25.2R2-S1-EVO, * 25.4 versions before 25.4R1-S2-EVO.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Evolved Affected: 0 , < 23.2R2-S7-EVO (custom)
    Affected: 23.4 , < 23.4R2-S8-EVO (custom)
    Affected: 24.2 , < 24.2R2-S5-EVO (custom)
    Affected: 24.4 , < 24.4R2-S4-EVO (custom)
    Affected: 25.2 , < 25.2R2-S1-EVO (custom)
    Affected: 25.4 , < 25.4R1-S2-EVO (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33803",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T13:30:15.593698Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T13:30:26.315Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS Evolved",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "23.2R2-S7-EVO",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.4R2-S8-EVO",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.2R2-S5-EVO",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.4R2-S4-EVO",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "25.2R2-S1-EVO",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "25.4R1-S2-EVO",
                  "status": "affected",
                  "version": "25.4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003eDue to a wrong initialization, a process which should only be able to communicate internally within the device can be reached over the network via an open port. This leads to a device being inadvertently exposed and increased CPU cycles spent processing ingress packets.\u003c/p\u003e\u003cp\u003eThis issue affects Junos OS Evolved:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 23.2R2-S7-EVO,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S8-EVO,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S5-EVO,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2-S4-EVO,\u003c/li\u003e\u003cli\u003e25.2 versions before 25.2R2-S1-EVO,\u003c/li\u003e\u003cli\u003e25.4 versions before 25.4R1-S2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device.\n\n\nDue to a wrong initialization, a process which should only be able to communicate internally within the device can be reached over the network via an open port. This leads to a device being inadvertently exposed and increased CPU cycles spent processing ingress packets.\n\nThis issue affects Junos OS Evolved:\n\n\n  *  all versions before 23.2R2-S7-EVO,\n  *  23.4 versions before 23.4R2-S8-EVO,\n  *  24.2 versions before 24.2R2-S5-EVO,\n  *  24.4 versions before 24.4R2-S4-EVO,\n  *  25.2 versions before 25.2R2-S1-EVO,\n  *  25.4 versions before 25.4R1-S2-EVO."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/AU:Y/R:U/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-923",
                  "description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T21:04:14.997Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA110078"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved: 23.2R2-S7-EVO, 23.4R2-S8-EVO, 24.2R2-S5-EVO, 24.4R2-S4-EVO, 25.2R2-S1-EVO, 25.4R1-S2-EVO, 25.4R2-EVO, 26.2R1-EVO, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved: 23.2R2-S7-EVO, 23.4R2-S8-EVO, 24.2R2-S5-EVO, 24.4R2-S4-EVO, 25.2R2-S1-EVO, 25.4R1-S2-EVO, 25.4R2-EVO, 26.2R1-EVO, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA110078",
            "defect": [
              "1909908"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Junos OS Evolved: A port which has been inadvertently exposed can be reached by an attacker",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue.\u003cbr\u003e\u003cbr\u003ePlease ensure that your control plane protection only explicitly permits access to ports intended to be reachable and only from authorized endpoints. All other traffic destined to the control plane should be disallowed."
                }
              ],
              "value": "There are no known workarounds for this issue.\n\nPlease ensure that your control plane protection only explicitly permits access to ports intended to be reachable and only from authorized endpoints. All other traffic destined to the control plane should be disallowed."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-33803",
        "datePublished": "2026-07-09T21:04:14.997Z",
        "dateReserved": "2026-03-23T19:46:13.674Z",
        "dateUpdated": "2026-07-10T13:30:26.315Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33801 (GCVE-0-2026-33801)

    Vulnerability from cvelistv5 – Published: 2026-07-09 21:03 – Updated: 2026-07-10 13:31
    VLAI
    Title
    Junos OS and Junos OS Evolved: When a specifically malformed BGP route update is received RPD crashes
    Summary
    An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker sending a specific BGP update over an established BGP session to cause a Denial-of-Service (DoS). Upon receipt of a specifically malformed non-inet/inet6 unicast BGP update, an RPD crash and restart is triggered, which will cause a complete service outage until routing has reconverged. The rpd crash occurs before the update can be readvertised, so there is no downstream propagation. This issue affects: * Junos OS versions 25.2 before 25.2R2; * Junos OS Evolved versions 25.2 before 25.2R2-EVO. This issue doesn't affect Junos OS versions before 25.2R1 nor Junos OS Evolved versions before 25.2R1-EVO.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 25.2 , < 25.2R2 (custom)
    Create a notification for this product.
    Juniper Networks Junos OS Evolved Affected: 25.2 , < 25.2R2-EVO (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33801",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T13:30:53.472301Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T13:31:03.248Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "25.2R2",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS Evolved",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "25.2R2-EVO",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker sending a specific BGP update over an established BGP session to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003e\u003cp\u003eUpon receipt of a specifically malformed non-inet/inet6 unicast BGP update, an RPD crash and restart is triggered, which will cause a complete service outage until routing has reconverged. The rpd crash occurs before the update can be readvertised, so there is no downstream propagation.\u003c/p\u003e\u003cp\u003e\u003cbr\u003eThis issue affects:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eJunos OS versions 25.2 before 25.2R2;\u003c/li\u003e\u003c/ul\u003e\u003cul\u003e\u003cli\u003eJunos OS Evolved versions 25.2 before 25.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue doesn\u0027t affect Junos OS versions before 25.2R1 nor Junos OS Evolved versions before 25.2R1-EVO.\u003c/p\u003e"
                }
              ],
              "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker sending a specific BGP update over an established BGP session to cause a Denial-of-Service (DoS).\n\nUpon receipt of a specifically malformed non-inet/inet6 unicast BGP update, an RPD crash and restart is triggered, which will cause a complete service outage until routing has reconverged. The rpd crash occurs before the update can be readvertised, so there is no downstream propagation.\n\n\nThis issue affects:\n\n\n\n  *  Junos OS versions 25.2 before 25.2R2;\n\n\n  *  Junos OS Evolved versions 25.2 before 25.2R2-EVO.\n\n\n\n\nThis issue doesn\u0027t affect Junos OS versions before 25.2R1 nor Junos OS Evolved versions before 25.2R1-EVO."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T21:03:24.796Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA110076"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS: 25.2R2, 25.4R1, and all subsequent releases.\u003cbr\u003eJunos OS Evolved: 25.2R2-EVO, 25.4R1-EVO, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 25.2R2, 25.4R1, and all subsequent releases.\nJunos OS Evolved: 25.2R2-EVO, 25.4R1-EVO, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA110076",
            "defect": [
              "1907528"
            ],
            "discovery": "USER"
          },
          "title": "Junos OS and Junos OS Evolved: When a specifically malformed BGP route update is received RPD crashes",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue."
                }
              ],
              "value": "There are no known workarounds for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-33801",
        "datePublished": "2026-07-09T21:03:24.796Z",
        "dateReserved": "2026-03-23T19:46:13.673Z",
        "dateUpdated": "2026-07-10T13:31:03.248Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33799 (GCVE-0-2026-33799)

    Vulnerability from cvelistv5 – Published: 2026-07-09 21:02 – Updated: 2026-07-10 13:31
    VLAI
    Title
    Junos OS and Junos OS Evolved: Receipt of a specific SNMPv3 request results in memory leak and eventual snmpd crash
    Summary
    An Out-of-bounds Write vulnerability in the SNMP daemon (snmpd) of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated network-based attacker sending specific valid SNMPv3 queries to trigger a memory leak. Over time, continuous receipt of these queries will result in snmpd process memory exhaustion, resulting in a process crash and restart, impacting the ability to monitor the system via SNMP. Memory usage can be monitored using the following command: user@device> show system processes extensive | match snmpd This issue affects: Junos OS: * all versions before 21.2R3-S8; * from 21.4 before 21.4R3-S7; * from 22.1 before 22.1R3-S6; * from 22.2 before 22.2R3-S4; * from 22.3 before 22.3R3-S3; * from 22.4 before 22.4R3-S2; * from 23.2 before 23.2R2; * from 23.4 before 23.4R2. Junos OS Evolved: * all versions before 21.2R3-S8-EVO; * from 21.4 before 21.4R3-S7-EVO; * all versions of 22.1-EVO, * from 22.2 before 22.2R3-S4-EVO; * from 22.3 before 22.3R3-S3-EVO; * all versions of 22.4-EVO, * from 23.2 before 23.2R2-EVO; * from 23.4 before 23.4R2-EVO.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 0 , < 21.2R3-S8 (custom)
    Affected: 21.4 , < 21.4R3-S7 (custom)
    Affected: 22.1 , < 22.1R3-S6 (custom)
    Affected: 22.2 , < 22.2R3-S4 (custom)
    Affected: 22.3 , < 22.3R3-S3 (custom)
    Affected: 22.4 , < 22.4R3-S2 (custom)
    Affected: 23.2 , < 23.2R2 (custom)
    Affected: 23.4 , < 23.4R2 (custom)
    Create a notification for this product.
    Juniper Networks Junos OS Evolved Affected: 0 , < 21.2R3-S8-EVO (custom)
    Affected: 21.4 , < 21.4R3-S7-EVO (custom)
    Affected: 22.1 , < 22.1* (custom)
    Affected: 22.2 , < 22.2R3-S4-EVO (custom)
    Affected: 22.3 , < 22.3R3-S3-EVO (custom)
    Affected: 22.4 , < 22.4* (custom)
    Affected: 23.2 , < 23.2R2-EVO (custom)
    Affected: 23.4 , < 23.4R2-EVO (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33799",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T13:31:41.445568Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T13:31:54.447Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "21.2R3-S8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "21.4R3-S7",
                  "status": "affected",
                  "version": "21.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.1R3-S6",
                  "status": "affected",
                  "version": "22.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.2R3-S4",
                  "status": "affected",
                  "version": "22.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.3R3-S3",
                  "status": "affected",
                  "version": "22.3",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.4R3-S2",
                  "status": "affected",
                  "version": "22.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.2R2",
                  "status": "affected",
                  "version": "23.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.4R2",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS Evolved",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "21.2R3-S8-EVO",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "21.4R3-S7-EVO",
                  "status": "affected",
                  "version": "21.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.1*",
                  "status": "affected",
                  "version": "22.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.2R3-S4-EVO",
                  "status": "affected",
                  "version": "22.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.3R3-S3-EVO",
                  "status": "affected",
                  "version": "22.3",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.4*",
                  "status": "affected",
                  "version": "22.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.2R2-EVO",
                  "status": "affected",
                  "version": "23.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.4R2-EVO",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue requires that SNMPv3 be configured. For example:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[snmp engine-id use-default-ip-address]\u003cbr\u003e[snmp v3 usm local-engine user \u0026lt;username\u0026gt; authentication-\u0026lt;method\u0026gt; ...]\u003cbr\u003e[snmp v3 vacm security-to-group security-model usm security-name \u0026lt;name\u0026gt; group \u0026lt;group\u0026gt;]\u003cbr\u003e[snmp v3 vacm access group \u0026lt;group\u0026gt; default-context-prefix security-model usm security-level \u0026lt;level\u0026gt; ...]\u003c/tt\u003e"
                }
              ],
              "value": "This issue requires that SNMPv3 be configured. For example:\n\n[snmp engine-id use-default-ip-address]\n[snmp v3 usm local-engine user \u003cusername\u003e authentication-\u003cmethod\u003e ...]\n[snmp v3 vacm security-to-group security-model usm security-name \u003cname\u003e group \u003cgroup\u003e]\n[snmp v3 vacm access group \u003cgroup\u003e default-context-prefix security-model usm security-level \u003clevel\u003e ...]"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Out-of-bounds Write vulnerability in the SNMP daemon (snmpd) of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated network-based attacker sending specific valid SNMPv3 queries to trigger a memory leak. Over time, continuous receipt of these queries will result in snmpd process memory exhaustion, resulting in a process crash and restart, impacting the ability to monitor the system via SNMP.\u003cbr\u003e\u003cbr\u003eMemory usage can be monitored using the following command:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003euser@device\u0026gt; show system processes extensive | match snmpd\u003c/tt\u003e\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003e\u003cbr\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 21.2R3-S8;\u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S7;\u003c/li\u003e\u003cli\u003efrom 22.1 before 22.1R3-S6;\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S4;\u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S3;\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S2;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eJunos OS Evolved:\u003cbr\u003e\u003cul\u003e\u003cli\u003eall versions before 21.2R3-S8-EVO;\u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S7-EVO;\u003c/li\u003e\u003cli\u003eall versions of 22.1-EVO,\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S4-EVO;\u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S3-EVO;\u003c/li\u003e\u003cli\u003eall versions of 22.4-EVO,\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-EVO;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "An Out-of-bounds Write vulnerability in the SNMP daemon (snmpd) of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated network-based attacker sending specific valid SNMPv3 queries to trigger a memory leak. Over time, continuous receipt of these queries will result in snmpd process memory exhaustion, resulting in a process crash and restart, impacting the ability to monitor the system via SNMP.\n\nMemory usage can be monitored using the following command:\n\nuser@device\u003e show system processes extensive | match snmpd\n\n\n\n\nThis issue affects:\n\nJunos OS:\n\n\n  *  all versions before 21.2R3-S8;\n  *  from 21.4 before 21.4R3-S7;\n  *  from 22.1 before 22.1R3-S6;\n  *  from 22.2 before 22.2R3-S4;\n  *  from 22.3 before 22.3R3-S3;\n  *  from 22.4 before 22.4R3-S2;\n  *  from 23.2 before 23.2R2;\n  *  from 23.4 before 23.4R2.\n\n\n\nJunos OS Evolved:\n  *  all versions before 21.2R3-S8-EVO;\n  *  from 21.4 before 21.4R3-S7-EVO;\n  *  all versions of 22.1-EVO,\n  *  from 22.2 before 22.2R3-S4-EVO;\n  *  from 22.3 before 22.3R3-S3-EVO;\n  *  all versions of 22.4-EVO,\n  *  from 23.2 before 23.2R2-EVO;\n  *  from 23.4 before 23.4R2-EVO."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "GREEN",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/AU:Y/R:A/V:C/RE:M/U:Green",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T21:02:31.614Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA110074"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 21.2R3-S8, 21.4R3-S7, 22.1R3-S6, 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2, 23.4R2, 24.2R1, and all subsequent releases.\n\u003cbr\u003e\nJunos OS Evolved: 21.2R3-S8-EVO, 21.4R3-S7-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO, 23.2R2-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 21.2R3-S8, 21.4R3-S7, 22.1R3-S6, 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2, 23.4R2, 24.2R1, and all subsequent releases.\n\n\nJunos OS Evolved: 21.2R3-S8-EVO, 21.4R3-S7-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO, 23.2R2-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA110074",
            "defect": [
              "1769065"
            ],
            "discovery": "USER"
          },
          "title": "Junos OS and Junos OS Evolved: Receipt of a specific SNMPv3 request results in memory leak and eventual snmpd crash",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue.\u003cbr\u003e\u003cbr\u003eTo reduce the risk of malicious exploitation, use access lists or firewall filters to limit access to the device via SNMPv3 only from trusted hosts."
                }
              ],
              "value": "There are no known workarounds for this issue.\n\nTo reduce the risk of malicious exploitation, use access lists or firewall filters to limit access to the device via SNMPv3 only from trusted hosts."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-33799",
        "datePublished": "2026-07-09T21:02:31.614Z",
        "dateReserved": "2026-03-23T19:46:13.673Z",
        "dateUpdated": "2026-07-10T13:31:54.447Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33791 (GCVE-0-2026-33791)

    Vulnerability from cvelistv5 – Published: 2026-04-09 21:38 – Updated: 2026-04-22 14:48
    VLAI
    Title
    Junos OS and Junos OS Evolved: Execution of crafted CLI commands allows for arbitrary shell injection as root
    Summary
    An OS Command Injection vulnerability in the CLI processing of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker executing specific, crafted CLI commands to inject arbitrary shell commands as root, leading to a complete compromise of the system. Certain 'set system' commands, when executed with crafted arguments, are not properly sanitized, allowing for arbitrary shell injection. These shell commands are executed as root, potentially allowing for complete control of the vulnerable system. This issue affects: Junos OS:  * all versions before 22.4R3-S8,  * from 23.2 before 23.2R2-S5,  * from 23.4 before 23.4R2-S7,  * from 24.2 before 24.2R2-S2,  * from 24.4 before 24.4R2,  * from 25.2 before 25.2R2;  Junos OS Evolved:  * all versions before 22.4R3-S8-EVO,  * from 23.2 before 23.2R2-S5-EVO,  * from 23.4 before 23.4R2-S7-EVO,  * from 24.2 before 24.2R2-S2-EVO,  * from 24.4 before 24.4R2-EVO,  * from 25.2 before 25.2R1-S1-EVO, 25.2R2-EVO.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 0 , < 22.4R3-S8 (semver)
    Affected: 23.2 , < 23.2R2-S5 (semver)
    Affected: 23.4 , < 23.4R2-S7 (semver)
    Affected: 24.2 , < 24.2R2-S2 (semver)
    Affected: 24.4 , < 24.4R2 (semver)
    Affected: 25.2 , < 25.2R2 (semver)
    Create a notification for this product.
    Juniper Networks Junos OS Evolved Affected: 0 , < 22.4R3-S8-EVO (semver)
    Affected: 23.2 , < 23.2R2-S5-EVO (semver)
    Affected: 23.4 , < 23.4R2-S7-EVO (semver)
    Affected: 24.2 , < 24.2R2-S2-EVO (semver)
    Affected: 24.4 , < 24.4R2-EVO (semver)
    Affected: 25.2 , < 25.2R1-S1-EVO, 25.2R2-EVO (semver)
    Create a notification for this product.
    Date Public
    2026-04-08 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33791",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-13T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-14T03:55:33.772Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "22.4R3-S8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.2R2-S5",
                  "status": "affected",
                  "version": "23.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.4R2-S7",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.2R2-S2",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.4R2",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "semver"
                },
                {
                  "lessThan": "25.2R2",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS Evolved",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "22.4R3-S8-EVO",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.2R2-S5-EVO",
                  "status": "affected",
                  "version": "23.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.4R2-S7-EVO",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.2R2-S2-EVO",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.4R2-EVO",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "semver"
                },
                {
                  "lessThan": "25.2R1-S1-EVO, 25.2R2-EVO",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-04-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An OS Command Injection vulnerability in the CLI processing of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker executing specific, crafted CLI commands to inject arbitrary shell commands as root, leading to a complete compromise of the system.\u003cbr\u003e\u003cbr\u003eCertain \u0027set system\u0027 commands, when executed with crafted arguments, are not properly sanitized, allowing for arbitrary shell injection. These shell commands are executed as root, potentially allowing for complete control of the vulnerable system.\u003cbr\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-S8,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S5,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S7,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R2-S2,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.4 before 24.4R2,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 25.2 before 25.2R2;\u0026nbsp;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-S8-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S5-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S7-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R2-S2-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.4 before 24.4R2-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 25.2 before 25.2R1-S1-EVO, 25.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "An OS Command Injection vulnerability in the CLI processing of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker executing specific, crafted CLI commands to inject arbitrary shell commands as root, leading to a complete compromise of the system.\n\nCertain \u0027set system\u0027 commands, when executed with crafted arguments, are not properly sanitized, allowing for arbitrary shell injection. These shell commands are executed as root, potentially allowing for complete control of the vulnerable system.\nThis issue affects:\n\nJunos OS:\u00a0\n\n\n\n  *  all versions before 22.4R3-S8,\u00a0\n  *  from 23.2 before 23.2R2-S5,\u00a0\n  *  from 23.4 before 23.4R2-S7,\u00a0\n  *  from 24.2 before 24.2R2-S2,\u00a0\n  *  from 24.4 before 24.4R2,\u00a0\n  *  from 25.2 before 25.2R2;\u00a0\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n  *  all versions before 22.4R3-S8-EVO,\u00a0\n  *  from 23.2 before 23.2R2-S5-EVO,\u00a0\n  *  from 23.4 before 23.4R2-S7-EVO,\u00a0\n  *  from 24.2 before 24.2R2-S2-EVO,\u00a0\n  *  from 24.4 before 24.4R2-EVO,\u00a0\n  *  from 25.2 before 25.2R1-S1-EVO, 25.2R2-EVO."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "privilegesRequired": "HIGH",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/V:C/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-22T14:48:22.085Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://kb.juniper.net/JSA107875"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA107875"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue: \u003cbr\u003eJunos OS 22.4R3-S8, 23.2R2-S5, 23.4R2-S7, 24.2R2-S2, 24.4R2, 25.2R2, 25.4R1\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, and all subsequent releases.\u003c/span\u003e\n\n\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eJunos OS Evolved 22.4R3-S8-EVO, 23.2R2-S5-EVO, 23.4R2-S7-EVO, 24.2R2-S2-EVO, 24.4R2-EVO, 25.2R1-S1-EVO, 25.2R2-EVO, 25.4R1-EVO\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, and all subsequent releases.\u003c/span\u003e\n\n\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue: \nJunos OS 22.4R3-S8, 23.2R2-S5, 23.4R2-S7, 24.2R2-S2, 24.4R2, 25.2R2, 25.4R1, and all subsequent releases.\n\n\n\n\nJunos OS Evolved 22.4R3-S8-EVO, 23.2R2-S5-EVO, 23.4R2-S7-EVO, 24.2R2-S2-EVO, 24.4R2-EVO, 25.2R1-S1-EVO, 25.2R2-EVO, 25.4R1-EVO, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA107875",
            "defect": [
              "1872082"
            ],
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-08T16:00:00.000Z",
              "value": "Initial Publication"
            },
            {
              "lang": "en",
              "time": "2026-04-22T16:00:00.000Z",
              "value": "Clarified that workarounds will prevent malicious exploitation"
            }
          ],
          "title": "Junos OS and Junos OS Evolved: Execution of crafted CLI commands allows for arbitrary shell injection as root",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "One of the following mitigations will prevent malicious exploitation:\u003cbr\u003e\u003cul\u003e\u003cli\u003eUse access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\u003c/li\u003e\u003cli\u003eAvoid configuring access to any part of the \u0027\u003ctt\u003eset system\u003c/tt\u003e\u0027\u200b stanza for non-privileged users.\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "One of the following mitigations will prevent malicious exploitation:\n  *  Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\n  *  Avoid configuring access to any part of the \u0027set system\u0027\u200b stanza for non-privileged users."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-33791",
        "datePublished": "2026-04-09T21:38:52.747Z",
        "dateReserved": "2026-03-23T19:46:13.672Z",
        "dateUpdated": "2026-04-22T14:48:22.085Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33784 (GCVE-0-2026-33784)

    Vulnerability from cvelistv5 – Published: 2026-04-09 21:36 – Updated: 2026-04-13 18:06
    VLAI
    Title
    JSI Virtual Lightweight Collector: Default password is not required to be changed which allows unauthorized high-privileged access
    Summary
    A Use of Default Password vulnerability in the Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows an unauthenticated, network-based attacker to take full control of the device. vLWC software images ship with an initial password for a high privileged account. A change of this password is not enforced during the provisioning of the software, which can make full access to the system by unauthorized actors possible.This issue affects all versions of vLWC before 3.0.94.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://kb.juniper.net/JSA107871 vendor-advisory
    Impacted products
    Vendor Product Version
    Juniper Networks JSI LWC Affected: 0 , < 3.0.94 (semver)
    Create a notification for this product.
    Date Public
    2026-04-08 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33784",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-13T17:54:25.395838Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-13T18:06:19.017Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "vLWC"
              ],
              "product": "JSI LWC",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "3.0.94",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-04-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Use of Default Password vulnerability in the Juniper Networks \n\nSupport Insights (JSI) \n\nVirtual Lightweight Collector (vLWC) allows an unauthenticated, network-based attacker to take full control of the device.\u003cbr\u003e\u003cbr\u003evLWC software images ship with an initial password for a high privileged account. A change of this password is not enforced during the provisioning of the software, which can make full access to the system by unauthorized actors possible.\u003cp\u003eThis issue affects all versions of vLWC before 3.0.94.\u003c/p\u003e"
                }
              ],
              "value": "A Use of Default Password vulnerability in the Juniper Networks \n\nSupport Insights (JSI) \n\nVirtual Lightweight Collector (vLWC) allows an unauthenticated, network-based attacker to take full control of the device.\n\nvLWC software images ship with an initial password for a high privileged account. A change of this password is not enforced during the provisioning of the software, which can make full access to the system by unauthorized actors possible.This issue affects all versions of vLWC before 3.0.94."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/RE:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1393",
                  "description": "CWE-1393 Use of Default Password",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-09T21:36:37.519Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://kb.juniper.net/JSA107871"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue: 3.0.94, and all subsequent releases.\u003cbr\u003e"
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue: 3.0.94, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA107871",
            "defect": [
              "JDEF-1032"
            ],
            "discovery": "INTERNAL"
          },
          "title": "JSI Virtual Lightweight Collector: Default password is not required to be changed which allows unauthorized high-privileged access",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The password can be changed in the setup menu of the device, which is described at\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.juniper.net/documentation/us/en/software/jsi/vlwc-deploy/topics/topic-map/configure-settings-jsi-shell.html\"\u003eConfigure Network Settings through JSI Shell | Juniper Support Insights | Juniper Networks\u003c/a\u003e"
                }
              ],
              "value": "The password can be changed in the setup menu of the device, which is described at\u00a0 Configure Network Settings through JSI Shell | Juniper Support Insights | Juniper Networks https://www.juniper.net/documentation/us/en/software/jsi/vlwc-deploy/topics/topic-map/configure-settings-jsi-shell.html"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-33784",
        "datePublished": "2026-04-09T21:36:37.519Z",
        "dateReserved": "2026-03-23T19:46:13.670Z",
        "dateUpdated": "2026-04-13T18:06:19.017Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33776 (GCVE-0-2026-33776)

    Vulnerability from cvelistv5 – Published: 2026-04-09 21:34 – Updated: 2026-04-10 14:13
    VLAI
    Title
    Junos OS and Junos OS Evolved: Specific low privileged CLI command exposes sensitive information
    Summary
    A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user with low privileges to read sensitive information. A local user with low privileges can execute the CLI command 'show mgd' with specific arguments which will expose sensitive information. This issue affects Junos OS: * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S6, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S4, * 24.4 versions before 24.4R2-S1, * 25.2 version before 25.2R1-S2, 25.2R2; Junos OS Evolved: * all versions before 23.2R2-S6-EVO, * 23.4 version before 23.4R2-S6-EVO, * 24.2 version before 24.2R2-S4-EVO, * 24.4 versions before 24.4R2-S1-EVO, * 25.2 versions before 25.2R2-EVO.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://kb.juniper.net/JSA107866 vendor-advisory
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 0 , < 22.4R3-S8 (semver)
    Affected: 23.2 , < 23.2R2-S6 (semver)
    Affected: 23.4 , < 23.4R2-S6 (semver)
    Affected: 24.2 , < 24.2R2-S4 (semver)
    Affected: 24.4 , < 24.4R2-S1 (semver)
    Affected: 25.2 , < 25.2R1-S2, 25.2R2 (semver)
    Create a notification for this product.
    Juniper Networks Junos OS Evolved Affected: 0 , < 23.2R2-S6-EVO (semver)
    Affected: 23.4 , < 23.4R2-S6-EVO (semver)
    Affected: 24.2 , < 24.2R2-S4-EVO (semver)
    Affected: 24.4 , < 24.4R2-S1-EVO (semver)
    Affected: 25.2 , < 25.2R2-EVO (semver)
    Create a notification for this product.
    Date Public
    2026-04-08 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33776",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-10T14:12:01.071120Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-10T14:13:45.754Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "22.4R3-S8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.2R2-S6",
                  "status": "affected",
                  "version": "23.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.4R2-S6",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.2R2-S4",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.4R2-S1",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "semver"
                },
                {
                  "lessThan": "25.2R1-S2, 25.2R2",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS Evolved",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "23.2R2-S6-EVO",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.4R2-S6-EVO",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.2R2-S4-EVO",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.4R2-S1-EVO",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "semver"
                },
                {
                  "lessThan": "25.2R2-EVO",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-04-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user with low privileges to read sensitive information.\u003cbr\u003e\u003cbr\u003eA local user with low privileges can execute the CLI command \u0027show mgd\u0027 with specific arguments which will expose sensitive information.\u003cbr\u003e\u003cbr\u003eThis issue affects\u003cbr\u003e\u003cbr\u003eJunos OS:\u003cbr\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-S8,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S6,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S6,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S4,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2-S1,\u003c/li\u003e\u003cli\u003e25.2 version before 25.2R1-S2, 25.2R2;\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eJunos OS Evolved:\u003cbr\u003e\u003cul\u003e\u003cli\u003eall versions before 23.2R2-S6-EVO,\u003c/li\u003e\u003cli\u003e23.4 version before 23.4R2-S6-EVO,\u003c/li\u003e\u003cli\u003e24.2 version before 24.2R2-S4-EVO,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2-S1-EVO,\u003c/li\u003e\u003cli\u003e25.2 versions before 25.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
                }
              ],
              "value": "A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user with low privileges to read sensitive information.\n\nA local user with low privileges can execute the CLI command \u0027show mgd\u0027 with specific arguments which will expose sensitive information.\n\nThis issue affects\n\nJunos OS:\n  *  all versions before 22.4R3-S8,\n  *  23.2 versions before 23.2R2-S6,\n  *  23.4 versions before 23.4R2-S6,\n  *  24.2 versions before 24.2R2-S4,\n  *  24.4 versions before 24.4R2-S1,\n  *  25.2 version before 25.2R1-S2, 25.2R2;\n\n\n\nJunos OS Evolved:\n  *  all versions before 23.2R2-S6-EVO,\n  *  23.4 version before 23.4R2-S6-EVO,\n  *  24.2 version before 24.2R2-S4-EVO,\n  *  24.4 versions before 24.4R2-S1-EVO,\n  *  25.2 versions before 25.2R2-EVO."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/AU:Y/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-09T21:34:50.469Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://kb.juniper.net/JSA107866"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS Evolved: 23.2R2-S6-EVO, 23.4R2-S6-EVO, 2\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e4.2R2-S4-EVO, 2\u003c/span\u003e4.4R2-S1-EVO, 25.2R2-EVO, 25.4R1-EVO, and all subsequent releases;\u003cbr\u003eJunos OS: 22.4R3-S8, 23.2R2-S6, 23.4R2-S6, 24.2R2-S4, 24.4R2-S1, 25.2R1-S2, 25.2R2, 25.4R1, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue:\nJunos OS Evolved: 23.2R2-S6-EVO, 23.4R2-S6-EVO, 24.2R2-S4-EVO, 24.4R2-S1-EVO, 25.2R2-EVO, 25.4R1-EVO, and all subsequent releases;\nJunos OS: 22.4R3-S8, 23.2R2-S6, 23.4R2-S6, 24.2R2-S4, 24.4R2-S1, 25.2R1-S2, 25.2R2, 25.4R1, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA107866",
            "defect": [
              "1704886"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Junos OS and Junos OS Evolved: Specific low privileged CLI command exposes sensitive information",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUtilize CLI authorization to disallow execution of the \u0027\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eshow mgd\u0027\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;commands.\u003c/span\u003e\n\n\u003cbr\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\n\nUtilize CLI authorization to disallow execution of the \u0027show mgd\u0027\u00a0commands."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-33776",
        "datePublished": "2026-04-09T21:34:50.469Z",
        "dateReserved": "2026-03-23T19:46:13.669Z",
        "dateUpdated": "2026-04-10T14:13:45.754Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33771 (GCVE-0-2026-33771)

    Vulnerability from cvelistv5 – Published: 2026-04-09 21:33 – Updated: 2026-04-13 18:06
    VLAI
    Title
    CTP OS: Configuring password requirements does not work which permits the use of weak passwords
    Summary
    A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentially take full control of the device. The password management menu enables the administrator to set password complexity requirements, but these settings are not saved. The issue can be verified with the menu option "Show password requirements". Failure to enforce the intended requirements can lead to weak passwords being used, which significantly increases the likelihood that an attacker can guess these and subsequently attain unauthorized access. This issue affects CTP OS versions 9.2R1 and 9.2R2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-521 - Weak Password Requirements
    Assigner
    References
    URL Tags
    https://kb.juniper.net/JSA107864 vendor-advisory
    Impacted products
    Vendor Product Version
    Juniper Networks CTP OS Affected: 9.2R1 , ≤ 9.2R2 (semver)
    Create a notification for this product.
    Date Public
    2026-04-08 04:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33771",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-13T17:53:27.069919Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-13T18:06:19.274Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CTP OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThanOrEqual": "9.2R2",
                  "status": "affected",
                  "version": "9.2R1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-04-08T04:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentially take full control of the device.\u003cbr\u003e\u003cbr\u003eThe password management menu enables the administrator to set password complexity requirements, but these settings are not saved. The issue can be verified with the menu option \"Show password requirements\". Failure to enforce the intended requirements can lead to weak passwords being used, which significantly increases the likelihood that an attacker can guess these and subsequently attain unauthorized access.\u003cbr\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects CTP OS versions 9.2R1 and 9.2R2.\u003c/p\u003e"
                }
              ],
              "value": "A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentially take full control of the device.\n\nThe password management menu enables the administrator to set password complexity requirements, but these settings are not saved. The issue can be verified with the menu option \"Show password requirements\". Failure to enforce the intended requirements can lead to weak passwords being used, which significantly increases the likelihood that an attacker can guess these and subsequently attain unauthorized access.\n\n\n\nThis issue affects CTP OS versions 9.2R1 and 9.2R2."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/AU:Y/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-521",
                  "description": "CWE-521 Weak Password Requirements",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-09T21:33:57.007Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://kb.juniper.net/JSA107864"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue: 9.3R1, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue: 9.3R1, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA107864",
            "defect": [
              "1924398"
            ],
            "discovery": "USER"
          },
          "title": "CTP OS: Configuring password requirements does not work which permits the use of weak passwords",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\u003cbr\u003e"
                }
              ],
              "value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-33771",
        "datePublished": "2026-04-09T21:33:57.007Z",
        "dateReserved": "2026-03-23T19:46:13.667Z",
        "dateUpdated": "2026-04-13T18:06:19.274Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13914 (GCVE-0-2025-13914)

    Vulnerability from cvelistv5 – Published: 2026-04-09 21:32 – Updated: 2026-04-14 14:35
    VLAI
    Title
    Apstra: SSH host key validation vulnerability for managed devices
    Summary
    A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows a unauthenticated, MITM attacker to impersonate managed devices. Due to insufficient SSH host key validation an attacker can perform a machine-in-the-middle attack on the SSH connections from Apstra to managed devices, enabling an attacker to impersonate a managed device and capture user credentials. This issue affects all versions of Apstra before 6.1.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-322 - Key Exchange without Entity Authentication
    Assigner
    References
    URL Tags
    https://kb.juniper.net/JSA107862 vendor-advisory
    Impacted products
    Vendor Product Version
    Juniper Networks Apstra Affected: 0 , < 6.1.1 (semver)
    Create a notification for this product.
    Date Public
    2026-04-08 10:16
    Credits
    Juniper SIRT would like to acknowledge and thank the Federal Office for Information Security (BSI) for responsibly reporting this vulnerability.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13914",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-14T14:35:08.217958Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-14T14:35:15.915Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Apstra",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "6.1.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Juniper SIRT would like to acknowledge and thank the Federal Office for Information Security (BSI) for responsibly reporting this vulnerability."
            }
          ],
          "datePublic": "2026-04-08T10:16:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows a unauthenticated, M\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eITM \u003c/span\u003e\n\nattacker to impersonate managed devices.\u003cbr\u003e\u003cbr\u003eDue to insufficient SSH host key validation an attacker can perform a machine-in-the-middle attack on the SSH connections from Apstra to managed devices, enabling an attacker to impersonate a managed device and capture user credentials.\u003cbr\u003e\u003cbr\u003eThis issue affects all versions of\u0026nbsp;Apstra before 6.1.1."
                }
              ],
              "value": "A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows a unauthenticated, MITM \n\nattacker to impersonate managed devices.\n\nDue to insufficient SSH host key validation an attacker can perform a machine-in-the-middle attack on the SSH connections from Apstra to managed devices, enabling an attacker to impersonate a managed device and capture user credentials.\n\nThis issue affects all versions of\u00a0Apstra before 6.1.1."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/R:U/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-322",
                  "description": "CWE-322 Key Exchange without Entity Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-09T21:32:14.834Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://kb.juniper.net/JSA107862"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following\nsoftware releases have been updated to resolve this specific issue:\u0026nbsp;Apstra 6.1.1, and all subsequent releases.\u003cbr\u003e"
                }
              ],
              "value": "The following\nsoftware releases have been updated to resolve this specific issue:\u00a0Apstra 6.1.1, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA107862",
            "defect": [
              "AOS-56131"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Apstra: SSH host key validation vulnerability for managed devices",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue."
                }
              ],
              "value": "There are no known workarounds for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2025-13914",
        "datePublished": "2026-04-09T21:32:14.834Z",
        "dateReserved": "2025-12-02T17:48:47.280Z",
        "dateUpdated": "2026-04-14T14:35:15.915Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33797 (GCVE-0-2026-33797)

    Vulnerability from cvelistv5 – Published: 2026-04-09 21:31 – Updated: 2026-04-23 20:08
    VLAI
    Title
    Junos OS and Junos OS Evolved: An attacker sending a specific genuine BGP packet causes a BGP reset
    Summary
    An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP packet in an already established BGP session to reset only that session causing a Denial of Service (DoS). An attacker repeatedly sending the packet will sustain the Denial of Service (DoS).This issue affects Junos OS: * 25.2 versions before 25.2R2 This issue does not affect Junos OS versions before 25.2R1. This issue affects Junos OS Evolved: * 25.2-EVO versions before 25.2R2-EVO This issue does not affect Junos OS Evolved versions before 25.2R1-EVO. eBGP and iBGP are affected. IPv4 and IPv6 are affected.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 25.2 , < 25.2R2 (semver)
    Unaffected: 0 , < 25.2R1 (semver)
    Create a notification for this product.
    Juniper Networks Junos OS Evolved Affected: 25.2 , < 25.2R2-EVO (semver)
    Unaffected: 0 , < 25.2R1-EVO (semver)
    Create a notification for this product.
    Date Public
    2026-04-08 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33797",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-13T17:40:25.675431Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-13T18:06:19.434Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "25.2R2",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "25.2R1",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "bgp"
              ],
              "product": "Junos OS Evolved",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "25.2R2-EVO",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "25.2R1-EVO",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctt\u003e\u0026nbsp; [ protocols bgp group \u0026lt;group\u0026gt; neighbor ]\u003c/tt\u003e\u003cbr\u003e"
                }
              ],
              "value": "[ protocols bgp group \u003cgroup\u003e neighbor ]"
            }
          ],
          "datePublic": "2026-04-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP packet in an already established BGP session to reset only that session causing a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eAn attacker repeatedly sending the packet will sustain the Denial of Service (DoS).\u003cp\u003eThis issue affects Junos OS:\u003c/p\u003e\u003cul\u003e\u003cli\u003e25.2 versions before 25.2R2\u003c/li\u003e\u003c/ul\u003eThis issue does not affect Junos OS versions before 25.2R1.\u003cbr\u003e\u003cbr\u003eThis issue affects Junos OS Evolved: \u003cbr\u003e\u003cul\u003e\u003cli\u003e25.2-EVO versions before 25.2R2-EVO\u003c/li\u003e\u003c/ul\u003eThis issue does not affect Junos OS Evolved versions before 25.2R1-EVO.\u003cbr\u003e\u003cbr\u003eeBGP and iBGP are affected.\u003cbr\u003eIPv4 and IPv6 are affected.\u0026nbsp;\u003cbr\u003e"
                }
              ],
              "value": "An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP packet in an already established BGP session to reset only that session causing a Denial of Service (DoS).\n\nAn attacker repeatedly sending the packet will sustain the Denial of Service (DoS).This issue affects Junos OS:\n\n  *  25.2 versions before 25.2R2\n\n\nThis issue does not affect Junos OS versions before 25.2R1.\n\nThis issue affects Junos OS Evolved: \n  *  25.2-EVO versions before 25.2R2-EVO\n\n\nThis issue does not affect Junos OS Evolved versions before 25.2R1-EVO.\n\neBGP and iBGP are affected.\nIPv4 and IPv6 are affected."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "GREEN",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/V:C/RE:M/U:Green",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-23T20:08:35.655Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://kb.juniper.net/JSA107850"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA107850"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS:\u0026nbsp;25.2R2,\u0026nbsp;25.4R1, and all subsequent releases.\u003cbr\u003eJunos OS Evolved: 25.2R2-EVO, 25.4R1-EVO, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue:\nJunos OS:\u00a025.2R2,\u00a025.4R1, and all subsequent releases.\nJunos OS Evolved: 25.2R2-EVO, 25.4R1-EVO, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA107850",
            "defect": [
              "1893316"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Junos OS and Junos OS Evolved: An attacker sending a specific genuine BGP packet causes a BGP reset",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue.\u003cbr\u003e"
                }
              ],
              "value": "There are no known workarounds for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-33797",
        "datePublished": "2026-04-09T21:31:22.902Z",
        "dateReserved": "2026-03-23T19:46:13.673Z",
        "dateUpdated": "2026-04-23T20:08:35.655Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33780 (GCVE-0-2026-33780)

    Vulnerability from cvelistv5 – Published: 2026-04-09 21:29 – Updated: 2026-04-13 18:06
    VLAI
    Title
    Junos OS and Junos OS Evolved: In an EVPN-MPLS scenario churn of ESI routes causes a memory leak in l2ald
    Summary
    A Missing Release of Memory after Effective Lifetime vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a memory leak ultimately leading to a Denial of Service (DoS). In an EVPN-MPLS scenario, routes learned from remote multi-homed Provider Edge (PE) devices are programmed as ESI routes. Due to a logic issue in the l2ald memory management, memory allocated for these routes is not released when there is churn for these routes. As a result, memory leaks in the l2ald process which will ultimately lead to a crash and restart of l2ald. Use the following command to monitor the memory consumption by l2ald: user@device> show system process extensive | match "PID|l2ald" This issue affects: Junos OS: * all versions before 22.4R3-S5, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R2; Junos OS Evolved: * all versions before 22.4R3-S5-EVO, * 23.2 versions before 23.2R2-S3-EVO, * 23.4 versions before 23.4R2-S4-EVO, * 24.2 versions before 24.2R2-EVO.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner
    References
    URL Tags
    https://kb.juniper.net/JSA107819 vendor-advisory
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 0 , < 22.4R3-S5 (semver)
    Affected: 23.2 , < 23.2R2-S3 (semver)
    Affected: 23.4 , < 23.4R2-S4 (semver)
    Affected: 24.2 , < 24.2R2 (semver)
    Create a notification for this product.
    Juniper Networks Junos OS Evolved Affected: all version prior to , < 22.4R3-S5-EVO (semver)
    Affected: 23.2 , < 23.2R2-S3-EVO (semver)
    Affected: 23.4 , < 23.4R2-S4-EVO (semver)
    Affected: 24.2 , < 24.2R2-EVO (semver)
    Create a notification for this product.
    Date Public
    2026-04-08 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33780",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-13T17:39:43.706961Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-13T18:06:19.950Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "22.4R3-S5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.2R2-S3",
                  "status": "affected",
                  "version": "23.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.4R2-S4",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.2R2",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS Evolved",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "22.4R3-S5-EVO",
                  "status": "affected",
                  "version": "all version prior to",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.2R2-S3-EVO",
                  "status": "affected",
                  "version": "23.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.4R2-S4-EVO",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.2R2-EVO",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003eTo be exposed to this issue the device must be configured for EVPN-MPLS. Refer to product documentation for how to configure EVPN-MPLS as there are different configuration options.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "To be exposed to this issue the device must be configured for EVPN-MPLS. Refer to product documentation for how to configure EVPN-MPLS as there are different configuration options."
            }
          ],
          "datePublic": "2026-04-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the\u0026nbsp;Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a memory leak ultimately leading to a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003e\n\nIn an EVPN-MPLS scenario, routes learned from remote multi-homed Provider Edge (PE) devices are programmed as ESI routes. Due to a logic issue in the l2ald memory management, memory allocated for these routes is not released when there is churn for these routes. As a result, memory leaks in the l2ald process which will ultimately lead to a crash and restart of l2ald.\u003cbr\u003e\u003cbr\u003eUse the following command to monitor the memory consumption by l2ald:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003euser@device\u0026gt; show system process extensive | match \"PID|l2ald\"\u003c/tt\u003e \n\n\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-S5,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S3,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S4,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-S5-EVO,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S3-EVO,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S4-EVO,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the\u00a0Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a memory leak ultimately leading to a Denial of Service (DoS).\n\n\n\nIn an EVPN-MPLS scenario, routes learned from remote multi-homed Provider Edge (PE) devices are programmed as ESI routes. Due to a logic issue in the l2ald memory management, memory allocated for these routes is not released when there is churn for these routes. As a result, memory leaks in the l2ald process which will ultimately lead to a crash and restart of l2ald.\n\nUse the following command to monitor the memory consumption by l2ald:\n\nuser@device\u003e show system process extensive | match \"PID|l2ald\" \n\n\n\nThis issue affects:\n\nJunos OS:\n\n\n\n  *  all versions before 22.4R3-S5,\n  *  23.2 versions before 23.2R2-S3,\n  *  23.4 versions before 23.4R2-S4,\n  *  24.2 versions before 24.2R2;\n\n\n\n\nJunos OS Evolved:\n\n\n\n  *  all versions before 22.4R3-S5-EVO,\n  *  23.2 versions before 23.2R2-S3-EVO,\n  *  23.4 versions before 23.4R2-S4-EVO,\n  *  24.2 versions before 24.2R2-EVO."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "CWE-401 Missing Release of Memory after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-09T21:29:20.534Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://kb.juniper.net/JSA107819"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue: \u003cbr\u003eJunos OS Evolved: 22.4R3-S5-EVO, 23.2R2-S3-EVO, 23.4R2-S4-EVO, 24.2R2-EVO, 24.4R1-EVO,\u0026nbsp;and all subsequent releases;\u003cbr\u003eJunos OS: 22.4R3-S5, 23.2R2-S3, 23.4R2-S4, 24.2R2, 24.4R1, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue: \nJunos OS Evolved: 22.4R3-S5-EVO, 23.2R2-S3-EVO, 23.4R2-S4-EVO, 24.2R2-EVO, 24.4R1-EVO,\u00a0and all subsequent releases;\nJunos OS: 22.4R3-S5, 23.2R2-S3, 23.4R2-S4, 24.2R2, 24.4R1, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA107819",
            "defect": [
              "1824956"
            ],
            "discovery": "USER"
          },
          "title": "Junos OS and Junos OS Evolved: In an EVPN-MPLS scenario churn of ESI routes causes a memory leak in l2ald",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue."
                }
              ],
              "value": "There are no known workarounds for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-33780",
        "datePublished": "2026-04-09T21:29:20.534Z",
        "dateReserved": "2026-03-23T19:46:13.669Z",
        "dateUpdated": "2026-04-13T18:06:19.950Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21916 (GCVE-0-2026-21916)

    Vulnerability from cvelistv5 – Published: 2026-04-09 21:28 – Updated: 2026-04-13 13:04
    VLAI
    Title
    Junos OS: A low privileged user can escalate their privileges so that they can login as root
    Summary
    A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which will lead to a complete compromise of the system. When after a user has performed a specific 'file link ...' CLI operation, another user commits (unrelated configuration changes), the first user can login as root. This issue affects Junos OS: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S3, * 24.4 versions before 24.4R2-S2, * 25.2 versions before 25.2R2. This issue does not affect versions 25.4R1 or later.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-61 - UNIX Symbolic Link (Symlink) Following
    Assigner
    References
    URL Tags
    https://kb.juniper.net/JSA107807 vendor-advisory
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 0 , < 23.2R2-S7 (semver)
    Affected: 23.4 , < 23.4R2-S6 (semver)
    Affected: 24.2 , < 24.2R2-S3 (semver)
    Affected: 24.4 , < 24.4R2-S2 (semver)
    Affected: 25.2 , < 25.2R2 (semver)
    Unaffected: 25.4R1
    Create a notification for this product.
    Date Public
    2026-04-08 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21916",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-10T03:56:11.604149Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-13T13:04:16.395Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "23.2R2-S7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.4R2-S6",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.2R2-S3",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.4R2-S2",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "semver"
                },
                {
                  "lessThan": "25.2R2",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "25.4R1"
                }
              ]
            }
          ],
          "datePublic": "2026-04-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which will lead to a complete compromise of the system.\u003cbr\u003e\u003cbr\u003eWhen after a user has performed a specific \u0027file link ...\u0027 CLI operation, another user commits (unrelated configuration changes), the first user can login as root.\u003cbr\u003e\u003cbr\u003eThis issue affects Junos OS:\u003cbr\u003e\u003cul\u003e\u003cli\u003eall versions before 23.2R2-S7,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S6,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S3,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2-S2,\u003c/li\u003e\u003cli\u003e25.2 versions before 25.2R2.\u003c/li\u003e\u003c/ul\u003eThis issue does not affect versions 25.4R1 or later."
                }
              ],
              "value": "A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which will lead to a complete compromise of the system.\n\nWhen after a user has performed a specific \u0027file link ...\u0027 CLI operation, another user commits (unrelated configuration changes), the first user can login as root.\n\nThis issue affects Junos OS:\n  *  all versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S6,\n  *  24.2 versions before 24.2R2-S3,\n  *  24.4 versions before 24.4R2-S2,\n  *  25.2 versions before 25.2R2.\n\n\nThis issue does not affect versions 25.4R1 or later."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-61",
                  "description": "CWE-61 UNIX Symbolic Link (Symlink) Following",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-09T21:28:05.552Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://kb.juniper.net/JSA107807"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue: 23.2R2-S7, 23.4R2-S6, 24.2R2-S3, 24.4R2-S2, 25.2R2, and all subsequent releases.\u003cbr\u003e"
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue: 23.2R2-S7, 23.4R2-S6, 24.2R2-S3, 24.4R2-S2, 25.2R2, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA107807",
            "defect": [
              "1865633"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Junos OS: A low privileged user can escalate their privileges so that they can login as root",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "To prevent exploitation, use access controls to keep users from performing \u0027file link\u0027 operations."
                }
              ],
              "value": "To prevent exploitation, use access controls to keep users from performing \u0027file link\u0027 operations."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-21916",
        "datePublished": "2026-04-09T21:28:05.552Z",
        "dateReserved": "2026-01-05T17:32:48.711Z",
        "dateUpdated": "2026-04-13T13:04:16.395Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21919 (GCVE-0-2026-21919)

    Vulnerability from cvelistv5 – Published: 2026-04-09 21:26 – Updated: 2026-04-13 18:06
    VLAI
    Title
    Junos OS and Junos OS Evolved: A high frequency of connecting and disconnecting NETCONF sessions causes management unavailability
    Summary
    An Incorrect Synchronization vulnerability in the management daemon (mgd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker with low privileges to cause a complete Denial-of-Service (DoS) of the management plane. When NETCONF sessions are quickly established and disconnected, a locking issue causes mgd processes to hang in an unusable state. When the maximum number of mgd processes has been reached, no new logins are possible. This leads to the inability to manage the device and requires a power-cycle to recover. This issue can be monitored by checking for mgd processes in lockf state in the output of 'show system processes extensive': user@host> show system processes extensive | match mgd <pid> root       20   0 501M 4640K lockf   1 0:01 0.00% mgd If the system still can be accessed (either via the CLI or as root, which might still be possible as last resort as this won't invoke mgd), mgd processes in this state can be killed with 'request system process terminate <PID>' from the CLI or with 'kill -9 <PID>' from the shell.  This issue affects: Junos OS: * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R2-S1, * 24.4 versions before 24.4R1-S3, 24.4R2; This issue does not affect Junos OS versions before 23.4R1; Junos OS Evolved: * 23.4 versions before 23.4R2-S5-EVO, * 24.2 versions before 24.2R2-S1-EVO, * 24.4 versions before 24.4R1-S3-EVO, 24.4R2-EVO. This issue does not affect Junos OS Evolved versions before 23.4R1-EVO;
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-821 - Incorrect Synchronization
    Assigner
    References
    URL Tags
    https://kb.juniper.net/JSA106019 vendor-advisory
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 23.4 , < 23.4R2-S4 (semver)
    Affected: 24.2 , < 24.2R2-S1 (semver)
    Affected: 24.4 , < 24.4R1-S3, 24.4R2 (semver)
    Unaffected: all version prior to , < 23.4R1 (semver)
    Create a notification for this product.
    Juniper Networks Junos OS Evolved Affected: 23.4 , < 23.4R2-S5-EVO (semver)
    Affected: 24.2 , < 24.2R2-S1-EVO (semver)
    Affected: 24.4 , < 24.4R1-S3-EVO, 24.4R2-EVO (semver)
    Unaffected: all version prior to , < 23.4R1-EVO (semver)
    Create a notification for this product.
    Date Public
    2026-04-08 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21919",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-13T17:38:59.428723Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-13T18:06:20.368Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "23.4R2-S4",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.2R2-S1",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.4R1-S3, 24.4R2",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.4R1",
                  "status": "unaffected",
                  "version": "all version prior to",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS Evolved",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "23.4R2-S5-EVO",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.2R2-S1-EVO",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.4R1-S3-EVO, 24.4R2-EVO",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.4R1-EVO",
                  "status": "unaffected",
                  "version": "all version prior to",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "To be exposed to this issue the device needs to be configured for NETCONF as follows:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ system services\u0026nbsp;netconf ... ]\u003c/tt\u003e"
                }
              ],
              "value": "To be exposed to this issue the device needs to be configured for NETCONF as follows:\n\n[ system services\u00a0netconf ... ]"
            }
          ],
          "datePublic": "2026-04-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Incorrect Synchronization vulnerability in the management daemon (mgd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker with low privileges to cause a complete Denial-of-Service (DoS) of the management plane.\u003cbr\u003e\u003cbr\u003eWhen NETCONF sessions are quickly established and disconnected, a locking issue causes mgd processes to hang in an unusable state. When the maximum number of mgd processes has been reached, no new logins are possible. This leads to the inability to manage the device and requires a power-cycle to recover.\u003cbr\u003e\u003cbr\u003eThis issue can be monitored by checking for mgd processes in lockf state in the output of \u0027show system processes extensive\u0027:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003euser@host\u0026gt; show system processes extensive | match mgd\u003cbr\u003e\u0026lt;pid\u0026gt; root  \u0026nbsp; \u0026nbsp; \u0026nbsp;  20  \u0026nbsp; 0   501M  4640K lockf  \u0026nbsp; 1   0:01   0.00% mgd\u003c/tt\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eIf the system still can be accessed (either via the CLI or as root, which might still be possible as last resort as this won\u0027t invoke mgd), mgd processes in this state can be killed with \u0027request system process terminate \u0026lt;PID\u0026gt;\u0027 from the CLI or with \u0027kill -9 \u0026lt;PID\u0026gt;\u0027 from the shell.\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS:\u003c/p\u003e\u003cul\u003e\u003cli\u003e23.4 versions before 23.4R2-S4,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S1,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R1-S3, 24.4R2;\u003c/li\u003e\u003c/ul\u003e\n\n\u003cp\u003eThis issue does not affect Junos OS versions before 23.4R1;\u003c/p\u003e\n\n\u003cp\u003eJunos OS Evolved:\u003c/p\u003e\u003cul\u003e\u003cli\u003e23.4 versions before 23.4R2-S5-EVO,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S1-EVO,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R1-S3-EVO, 24.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eThis issue does not affect Junos OS Evolved versions before 23.4R1-EVO;\u003c/p\u003e\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "An Incorrect Synchronization vulnerability in the management daemon (mgd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker with low privileges to cause a complete Denial-of-Service (DoS) of the management plane.\n\nWhen NETCONF sessions are quickly established and disconnected, a locking issue causes mgd processes to hang in an unusable state. When the maximum number of mgd processes has been reached, no new logins are possible. This leads to the inability to manage the device and requires a power-cycle to recover.\n\nThis issue can be monitored by checking for mgd processes in lockf state in the output of \u0027show system processes extensive\u0027:\n\nuser@host\u003e show system processes extensive | match mgd\n\u003cpid\u003e root  \u00a0 \u00a0 \u00a0  20  \u00a0 0   501M  4640K lockf  \u00a0 1   0:01   0.00% mgd\n\n\nIf the system still can be accessed (either via the CLI or as root, which might still be possible as last resort as this won\u0027t invoke mgd), mgd processes in this state can be killed with \u0027request system process terminate \u003cPID\u003e\u0027 from the CLI or with \u0027kill -9 \u003cPID\u003e\u0027 from the shell.\u00a0\n\n\n\n\nThis issue affects:\n\nJunos OS:\n\n  *  23.4 versions before 23.4R2-S4,\n  *  24.2 versions before 24.2R2-S1,\n  *  24.4 versions before 24.4R1-S3, 24.4R2;\n\n\n\n\nThis issue does not affect Junos OS versions before 23.4R1;\n\n\n\nJunos OS Evolved:\n\n  *  23.4 versions before 23.4R2-S5-EVO,\n  *  24.2 versions before 24.2R2-S1-EVO,\n  *  24.4 versions before 24.4R1-S3-EVO, 24.4R2-EVO.\n\n\n\n\n\n\nThis issue does not affect Junos OS Evolved versions before 23.4R1-EVO;"
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:Y/R:U/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-821",
                  "description": "CWE-821 Incorrect Synchronization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-09T21:26:46.081Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://kb.juniper.net/JSA106019"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS Evolved: 23.4R2-S5-EVO, 24.2R2-S1-EVO, 24.4R1-S3-EVO, 24.4R2-EVO, 25.2R1-EVO,\u0026nbsp;and all subsequent releases;\u003cbr\u003eJunos OS: 23.4R2-S4, 24.2R2-S1, 24.4R1-S3, 24.4R2, 25.2R1, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue:\nJunos OS Evolved: 23.4R2-S5-EVO, 24.2R2-S1-EVO, 24.4R1-S3-EVO, 24.4R2-EVO, 25.2R1-EVO,\u00a0and all subsequent releases;\nJunos OS: 23.4R2-S4, 24.2R2-S1, 24.4R1-S3, 24.4R2, 25.2R1, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA106019",
            "defect": [
              "1866577"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Junos OS and Junos OS Evolved: A high frequency of connecting and disconnecting NETCONF sessions causes management unavailability",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use access lists or firewall filters to limit access to the device only from trusted hosts and administrators.\u003cbr\u003e\u003cbr\u003eTo further reduce the risk of exploitation you can set values as low as needed for your normal operations for:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ system services netconf\u0026nbsp;ssh\u0026nbsp;connection-limit \u0026lt;max_connections\u0026gt; ]\u003cbr\u003e[ system services netconf ssh\u0026nbsp;rate-limit \u0026lt;connections_per_minute\u0026gt; ]\u003c/tt\u003e\u003cbr\u003e"
                }
              ],
              "value": "Use access lists or firewall filters to limit access to the device only from trusted hosts and administrators.\n\nTo further reduce the risk of exploitation you can set values as low as needed for your normal operations for:\n\n[ system services netconf\u00a0ssh\u00a0connection-limit \u003cmax_connections\u003e ]\n[ system services netconf ssh\u00a0rate-limit \u003cconnections_per_minute\u003e ]"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-21919",
        "datePublished": "2026-04-09T21:26:46.081Z",
        "dateReserved": "2026-01-05T17:32:48.711Z",
        "dateUpdated": "2026-04-13T18:06:20.368Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21915 (GCVE-0-2026-21915)

    Vulnerability from cvelistv5 – Published: 2026-04-09 21:26 – Updated: 2026-04-13 13:04
    VLAI
    Title
    JSI Virtual Lightweight Collector: Shell escape allows privilege escalation to root
    Summary
    A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows a local, high privileged attacker to escalate their privileges to root. The CLI menu accepts input without carefully validating it, which allows for shell command injection. These shell commands are executed with root permissions and can be used to gain complete control of the system. This issue affects all JSI vLWC versions before 3.0.94.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-183 - Permissive List of Allowed Input
    Assigner
    References
    URL Tags
    https://kb.juniper.net/JSA106016 vendor-advisory
    Impacted products
    Vendor Product Version
    Juniper Networks JSI LWC Affected: 0 , < 3.0.94 (semver)
    Create a notification for this product.
    Date Public
    2026-04-08 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21915",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-10T03:56:14.461955Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-13T13:04:16.101Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "vLWC"
              ],
              "product": "JSI LWC",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "3.0.94",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-04-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows a local, high privileged attacker to escalate their privileges to root.\u003cbr\u003e\u003cbr\u003eThe CLI menu accepts input without carefully validating it, which allows for shell command injection. These shell commands are executed with root permissions and can be used to gain complete control of the system.\u003cbr\u003e\u003cbr\u003eThis issue affects all JSI vLWC versions before 3.0.94."
                }
              ],
              "value": "A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows a local, high privileged attacker to escalate their privileges to root.\n\nThe CLI menu accepts input without carefully validating it, which allows for shell command injection. These shell commands are executed with root permissions and can be used to gain complete control of the system.\n\nThis issue affects all JSI vLWC versions before 3.0.94."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/R:U/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-183",
                  "description": "CWE-183 Permissive List of Allowed Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-09T21:26:28.357Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://kb.juniper.net/JSA106016"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue: 3.0.94, and all subsequent releases.\n\n\u003cbr\u003e"
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue: 3.0.94, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA106016",
            "defect": [
              "JDEF-980"
            ],
            "discovery": "USER"
          },
          "title": "JSI Virtual Lightweight Collector: Shell escape allows privilege escalation to root",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\u003cbr\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-21915",
        "datePublished": "2026-04-09T21:26:28.357Z",
        "dateReserved": "2026-01-05T17:32:48.711Z",
        "dateUpdated": "2026-04-13T13:04:16.101Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }