cbcvebase.
CVE-2026-33776
published 2026-04-09

CVE-2026-33776: A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user with low privileges to read sensitive…

medium6.8CVSS 4.0
AVLACLATNPRLUINVCHVINVANSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUYRXVXREMUX
A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user with low privileges to read sensitive information.

A local user with low privileges can execute the CLI command 'show mgd' with specific arguments which will expose sensitive information.

This issue affects

Junos OS:
* all versions before 22.4R3-S8,
* 23.2 versions before 23.2R2-S6,
* 23.4 versions before 23.4R2-S6,
* 24.2 versions before 24.2R2-S4,
* 24.4 versions before 24.4R2-S1,
* 25.2 version before 25.2R1-S2, 25.2R2;


Junos OS Evolved:
* all versions before 23.2R2-S6-EVO,
* 23.4 version before 23.4R2-S6-EVO,
* 24.2 version before 24.2R2-S4-EVO,
* 24.4 versions before 24.4R2-S1-EVO,
* 25.2 versions before 25.2R2-EVO.

Affected

12 ranges
VendorProductVersion rangeFixed in
juniperjunos_os
juniper_networksjunos_os< 22.4R3-S822.4R3-S8
juniper_networksjunos_os>= 23.2 < 23.2R2-S623.2R2-S6
juniper_networksjunos_os>= 23.4 < 23.4R2-S623.4R2-S6
juniper_networksjunos_os>= 24.2 < 24.2R2-S424.2R2-S4
juniper_networksjunos_os>= 24.4 < 24.4R2-S124.4R2-S1
juniper_networksjunos_os>= 25.2 < 25.2R1-S2, 25.2R225.2R1-S2, 25.2R2
juniper_networksjunos_os_evolved< 23.2R2-S6-EVO23.2R2-S6-EVO
juniper_networksjunos_os_evolved>= 23.4 < 23.4R2-S6-EVO23.4R2-S6-EVO
juniper_networksjunos_os_evolved>= 24.2 < 24.2R2-S4-EVO24.2R2-S4-EVO
juniper_networksjunos_os_evolved>= 24.4 < 24.4R2-S1-EVO24.4R2-S1-EVO
juniper_networksjunos_os_evolved>= 25.2 < 25.2R2-EVO25.2R2-EVO
CVE-2026-33776 — Missing Authorization | cvebase