CVE-2026-33797

CWE-20Improper Input Validation4 documents4 sources
Severity
7.1HIGH
EPSS
0.0%
top 94.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Networks Junos OS Evolved
Timeline
PublishedApr 9
Latest updateApr 10

Description

An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP packet in an already established BGP session to reset only that session causing a Denial of Service (DoS). An attacker repeatedly sending the packet will sustain the Denial of Service (DoS).This issue affects Junos OS: * 25.2 versions before 25.2R2 This issue doesn't not affected Junos OS versions before 25.2R1. This issue

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Affected Packages2 packages

CVEListV5juniper_networks/junos_os_evolved25.225.2R2-EVO
CVEListV5juniper_networks/junos_os25.225.2R2

🔴Vulnerability Details

3
GHSA
GHSA-3rpc-j6fw-646r: An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a s2026-04-10
VulDB
Juniper Junos OS/Junos OS Evolved up to 25.2R0/25.2R1 denial of service (JSA107850)2026-04-10
CVEList
Junos OS and Junos OS Evolved: An attacker sending a specific genuine BGP packet causes a BGP reset2026-04-09
CVE-2026-33797 (HIGH CVSS 7.1) | An Improper Input Validation vulner | cvebase.io