Zero Day Monitor (ZDM)
8.8
CVE-2026-33785 · PATCHED
juniper · junos os

Junos OS: MX Series: Missing Authorization for specific 'request' CLI commands in a JDM/CSDS scenario

Description

A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series allows a local, authenticated user with low privileges to execute specific commands which will lead to a complete compromise of managed devices. Any logged-in user, without requiring specific privileges, can issue 'request csds' CLI operational commands. These commands are only meant to be executed by highly privileged users or users designated for Juniper Device Manager (JDM) / Connected Security Distributed Services (CSDS) operations, as they will impact all aspects of the devices managed via the respective MX.

This issue affects Junos OS on MX Series:

  • 24.4 releases before 24.4R2-S3,
  • 25.2 releases before 25.2R2.

This issue does not affect Junos OS releases before 24.4.

Affected Products

Vendor | Product | Versions
juniper | junos os | 24.4, 25.2

References

  • https://kb.juniper.net/JSA107872 (vendor-advisory)

Related News (3 articles)

Tier C
VulDB · 25d ago
CVE-2026-33785 | Juniper Junos OS up to 24.4R0/24.4R2-S2/25.2R1 Security Distributed Service authorization (JSA107872)
→ No new info (linked only)
Tier B
BSI Advisories · 26d ago
[NEW] [high] Juniper Patchday April 2026: Multiple vulnerabilities
→ No new info (linked only)
Tier B
CERT-FR · 27d ago
Multiple vulnerabilities in Juniper Networks products (09 April 2026)
→ No new info (linked only)
CVSS 3.1: 8.8 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CISA KEV: ❌ No
Actively exploited: ❌ No
Patch available: 24.4R2-S3, 25.2R2
CWE: CWE-862
Published: Apr 9, 2026
Last enriched: 25d ago (v2)
Tags: CVE-2026-33785
Trending Score: 3
Source articles: 3
Independent: 3
Info Completeness: 9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Related CVEs (5)

PRE-CVE
Multiple vulnerabilities in Juniper Secure Analytics
Trending: 20
HIGH · CVE-2026-33788
Junos OS Evolved: Local, authenticated attacker can gain privileged access to FPCs
Trending: 3
MEDIUM · CVE-2025-30650
Junos OS: Privileged local user can gain access to a Linux-based FPC as root
Trending: 3
HIGH · CVE-2025-13914
Apstra: SSH host key validation vulnerability for managed devices
Trending: 3
HIGH · CVE-2026-21916
Junos OS: A low privileged user can escalate their privileges so that they can login as root
Trending: 3

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Apr 9, 2026
Discovered by ZDM
Apr 9, 2026
Updated: severity, affectedVersions, tags
Apr 10, 2026
Patch Available
Apr 14, 2026

Version History

v2
Last enriched 25d ago
v2 · Tier C · 25d ago

Updated severity to CRITICAL, added new affected versions, and corrected exploit availability status.

severity, affectedVersions, tags
via VulDB
v1 · 26d ago

Initial creation