Juniper Networks Junos OS Evolved vulnerabilities
244 known vulnerabilities affecting juniper_networks/junos_os_evolved.
Total CVEs: 244
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 146, MEDIUM 96
Vulnerabilities
Page 1 of 13
CVE-2026-33780 | HIGH | CVSS 7.1 | CWE-401 | all versions prior to 22.4R3-S5-EVO; ≥ 23.2, < 23.2R2-S3-EVO; +2 more | 2026-04-09
A Missing Release of Memory after Effective Lifetime vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a memory leak ultimately leading to a Denial of Service (DoS).
In an EVPN-MPLS scenario, routes learned from remote multi-homed Provi
Sources: cvelistv5, nvd
CVE-2025-59969 | HIGH | CVSS 7.1 | CWE-120 | fixed in 22.4R3-S8-EVO; ≥ 23.2, < 23.2R2-S5-EVO; +9 more | 2026-04-09
A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the advanced forwarding toolkit (evo-aftmand/evo-pfemand) of Juniper Networks Junos OS Evolved on PTX Series or QFX5000 Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). An attacker sending crafted multicast packets will cause
Sources: cvelistv5, nvd
CVE-2026-33793 | HIGH | CVSS 8.5 | CWE-250 | fixed in 22.4R3-S7-EVO; ≥ 23.2, < 23.2R2-S4-EVO; +3 more | 2026-04-09
An Execution with Unnecessary Privileges vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, thus compromising the system.
When a configuration that allows unsigned Python op scripts is present on the device, a non-root user is able to execute mali
Sources: cvelistv5, nvd
CVE-2026-21919 | HIGH | CVSS 7.1 | CWE-821 | ≥ 23.4, < 23.4R2-S5-EVO; ≥ 24.2, < 24.2R2-S1-EVO; +1 more | 2026-04-09
An Incorrect Synchronization vulnerability in the management daemon (mgd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker with low privileges to cause a complete Denial-of-Service (DoS) of the management plane.
When NETCONF sessions are quickly established and disconnected, a locking issue causes mgd processes to hang
Sources: cvelistv5, nvd
CVE-2026-33788 | HIGH | CVSS 8.5 | CWE-306 | fixed in 21.2R3-S8-EVO; ≥ 21.4-EVO, < 21.4R3-S7-EVO; +4 more | 2026-04-09
A Missing Authentication for Critical Function vulnerability in the Flexible PIC Concentrators (FPCs) of Juniper Networks Junos OS Evolved on PTX Series allows a local, authenticated attacker with low privileges to gain direct access to FPCs installed in the device.
A local user with low privileges can gain direct access to the installed FPCs as a hi
Sources: cvelistv5, nvd
CVE-2026-33797 | HIGH | CVSS 7.1 | CWE-20 | ≥ 25.2, < 25.2R2-EVO | 2026-04-09
An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP packet in an already established BGP session to reset only that session causing a Denial of Service (DoS).
An attacker repeatedly sending the packet will sustain the Denial of Service
Sources: cvelistv5, nvd
CVE-2026-33783 | HIGH | CVSS 7.1 | CWE-686 | fixed in 22.4R3-S9-EVO; ≥ 23.2, < 23.2R2-S6-EVO; +4 more | 2026-04-09
A Function Call With Incorrect Argument Type vulnerability in the sensor interface of Juniper Networks Junos OS Evolved on PTX Series allows a network-based, authenticated attacker with low privileges to cause a complete Denial of Service (DoS).
If colored SRTE policy tunnels are provisioned via PCEP, and gRPC is used to monitor traffic in these tun
Sources: cvelistv5, nvd
CVE-2026-33791 | HIGH | CVSS 8.4 | CWE-78 | fixed in 22.4R3-S8-EVO; ≥ 23.2, < 23.2R2-S5-EVO; +4 more | 2026-04-09
An OS Command Injection vulnerability in the CLI processing of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker executing specific, crafted CLI commands to inject arbitrary shell commands as root, leading to a complete compromise of the system.
Certain 'set system' commands, when executed with crafted arguments,
Sources: cvelistv5, nvd
CVE-2026-33776 | MEDIUM | CVSS 6.8 | CWE-862 | fixed in 23.2R2-S6-EVO; ≥ 23.4, < 23.4R2-S6-EVO; +3 more | 2026-04-09
A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user with low privileges to read sensitive information.
A local user with low privileges can execute the CLI command 'show mgd' with specific arguments which will expose sensitive information.
This issue affects
Junos OS:
* all versio
Sources: cvelistv5, nvd
CVE-2026-21902 | CRITICAL | CVSS 9.3 | CWE-732 | ≥ 25.4, < 25.4R1-S1-EVO, 25.4R2-EVO | 2026-02-25
An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to execute code as root.
The On-Box Anomaly detection framework should only be reachable by other internal processes over the internal
Sources: cvelistv5, nvd
CVE-2025-60003 | HIGH | CVSS 8.7 | CWE-126 | fixed in 22.4R3-S8-EVO; ≥ 23.2, < 23.2R2-S5-EVO; +3 more | 2026-01-15
A Buffer Over-read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
When an affected device receives a BGP update with a set of specific optional transitive attributes over an established peering session, rpd will
Sources: cvelistv5, nvd
CVE-2026-21908 | HIGH | CVSS 7.5 | CWE-416 | ≥ 23.2R2-S1, < 23.2R2-S5-EVO; ≥ 23.4R2, < 23.4R2-S6-EVO; +3 more | 2026-01-15
A Use After Free vulnerability was identified in the 802.1X authentication daemon (dot1xd) of Juniper Networks Junos OS and Junos OS Evolved that could allow an authenticated, network-adjacent attacker flapping a port to crash the dot1xd process, leading to a Denial of Service (DoS), or potentially execute arbitrary code within the context of the proc
Sources: cvelistv5, nvd
CVE-2026-21911 | HIGH | CVSS 7.1 | CWE-682 | fixed in 21.4R3-S7-EVO; ≥ 22.2, < 22.2R3-S4-EVO; +4 more | 2026-01-15
An Incorrect Calculation vulnerability in the Layer 2 Control Protocol Daemon (l2cpd) of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker flapping the management interface to cause the learning of new MACs over label-switched interfaces (LSI) to stop while generating a flood of logs, resulting in high CPU usage.
Sources: cvelistv5, nvd
CVE-2026-21921 | HIGH | CVSS 7.1 | CWE-416 | fixed in 22.4R3-S8-EVO; ≥ 23.2, < 23.2R2-S5-EVO; +1 more | 2026-01-15
A Use After Free vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker authenticated with low privileges to cause a Denial-of-Service (DoS).
When telemetry collectors are frequently subscribing and unsubscribing to sensors continuously over a long period of time, telemetry-cap
Sources: cvelistv5, nvd
CVE-2026-21909 | HIGH | CVSS 7.1 | CWE-401 | ≥ 23.2, < 23.2R2-EVO; ≥ 23.4, < 23.4R1-S2-EVO, 23.4R2-EVO; +1 more | 2026-01-15
A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated attacker controlling an adjacent IS-IS neighbor to send a specific update packet causing a memory leak. Continued receipt and processing of these packets will exhaust all avail
Sources: cvelistv5, nvd
CVE-2025-59959 | MEDIUM | CVSS 6.8 | CWE-822 | fixed in 22.4R3-S8-EVO; ≥ 23.2, < 23.2R2-S5-EVO; +3 more | 2026-01-15
An Untrusted Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial-of-Service (DoS).
When the command 'show route detail' is executed, and at least one of the routes in the intended output has specific attr
Sources: cvelistv5, nvd
CVE-2025-60011 | MEDIUM | CVSS 6.9 | CWE-754 | fixed in 22.4R3-S8-EVO; ≥ 23.2, < 23.2R2-S5-EVO; +3 more | 2026-01-15
An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an availability impact for downstream devices.
When an affected device receives a specific optional, transitive BGP attribute over an
Sources: cvelistv5, nvd
CVE-2025-59961 | MEDIUM | CVSS 6.8 | CWE-732 | fixed in 22.4R3-S8-EVO; ≥ 23.2, < 23.2R2-S5-EVO; +4 more | 2026-01-15
An Incorrect Permission Assignment for Critical Resource vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to write to the Unix socket used to manage the jdhcpd process, resulting in complete control over the resource.
This vulnerability allows any low-privileged
Sources: cvelistv5, nvd
CVE-2025-59960 | MEDIUM | CVSS 6.3 | CWE-754 | fixed in 21.4R3-S12-EVO; ≥ 22.2, < 22.2*; +6 more | 2026-01-15
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Juniper DHCP service (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a DHCP client in one subnet to exhaust the address pools of other subnets, leading to a Denial of Service (DoS) on the downstream DHCP server.
By default, the DHCP relay agent inserts i
Sources: cvelistv5, nvd
CVE-2025-59967 | HIGH | CVSS 7.1 | CWE-476 | ≥ 23.2R2-EVO, < 23.2R2-S4-EVO; ≥ 23.4R1-EVO, < 23.4R2-EVO | 2025-10-09
A NULL Pointer Dereference vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved on ACX7024, ACX7024X, ACX7100-32C, ACX7100-48L, ACX7348, ACX7509 devices allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).
Whenever specific valid multicast traffic is received on any layer 3 interfa
Sources: cvelistv5, nvd