CVE-2026-33775

CWE-401Memory Leak4 documents4 sources
Severity
7.1HIGH
EPSS
0.0%
top 93.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Juniper Networks Junos OS
Timeline
PublishedApr 9
Latest updateApr 10

Description

A Missing Release of Memory after Effective Lifetime vulnerability in the BroadBand Edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). If the authentication packet-type option is configured and a received packet does not match that packet type, the memory leak occurs. When all memory available to bbe-smgd has been consumed, no new subscribers will be able to login. The memory u

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Affected Packages1 packages

CVEListV5juniper_networks/junos_os23.223.2R2-S5+5

🔴Vulnerability Details

3
GHSA
GHSA-9p4v-567m-9ggg: A Missing Release of Memory after Effective Lifetime vulnerability in the BroadBand Edge subscriber management daemon (bbe-smgd) of Juniper Networks J2026-04-10
VulDB
Juniper Junos OS up to 25.2R1 on MX Log Message bbesmgd[] memory leak (JSA107821)2026-04-10
CVEList
Junos OS: MX Series: Mismatch between configured and received packet types causes memory leak in bbe-smgd2026-04-09
CVE-2026-33775 (HIGH CVSS 7.1) | A Missing Release of Memory after E | cvebase.io