Zero Day MonitorZDM

← Back to list

7.8

CVE-2026-33788PATCHED

juniper · junos os evolved

Junos OS Evolved: Local, authenticated attacker can gain privileged access to FPCs

Description

A Missing Authentication for Critical Function vulnerability in the Flexible PIC Concentrators (FPCs) of Juniper Networks Junos OS Evolved on PTX Series allows a local, authenticated attacker with low privileges to gain direct access to FPCs installed in the device. A local user with low privileges can gain direct access to the installed FPCs as a high privileged user, which can potentially lead to a full compromise of the affected component. This issue affects Junos OS Evolved on PTX10004, PTX10008, PTX100016, with JNP10K-LC1201 or JNP10K-LC1202: * All versions before 21.2R3-S8-EVO, * 21.4-EVO versions before 21.4R3-S7-EVO, * 22.2-EVO versions before 22.2R3-S4-EVO, * 22.3-EVO versions before 22.3R3-S3-EVO, * 22.4-EVO versions before 22.4R3-S2-EVO, * 23.2-EVO versions before 23.2R2-EVO.

Affected Products

Vendor	Product	Versions
juniper	junos os evolved	0, 21.4-EVO, 22.2-EVO, 22.3-EVO, 22.4-EVO, 23.2-EVO

References

https://kb.juniper.net/JSA107806(vendor-advisory)

Related News (3 articles)

Tier C

VulDB25d ago

CVE-2026-33788 | Juniper Junos OS Evolved prior 23.2R2-EVO missing authentication (JSA107806)

→ No new info (linked only)

Tier B

BSI Advisories26d ago

[NEU] [hoch] Juniper Patchday April 2026: Mehrere Schwachstellen

→ No new info (linked only)

Tier B

CERT-FR27d ago

Multiples vulnérabilités dans les produits Juniper Networks (09 avril 2026)

→ No new info (linked only)

CVSS 3.17.8 HIGH

VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

Patch available

21.2R3-S8-EVO21.4R3-S7-EVO22.2R3-S4-EVO22.3R3-S3-EVO22.4R3-S2-EVO23.2R2-EVO

CWECWE-306

PublishedApr 9, 2026

Last enriched25d agov2

Trending Score3

Source articles3

Independent3

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

Multiple vulnerabilities in Juniper Secure Analytics

HIGHCVE-2026-33785

Junos OS: MX Series: Missing Authorization for specific 'request' CLI commands in a JDM/CSDS scenario

MEDIUMCVE-2025-30650

Junos OS: Privileged local user can gain access to a Linux-based FPC as root

HIGHCVE-2025-13914

Apstra: SSH host key validation vulnerability for managed devices

HIGHCVE-2026-21916

Junos OS: A low privileged user can escalate their privileges so that they can login as root

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 9, 2026

Discovered by ZDM

Apr 9, 2026

Updated: severity

Apr 10, 2026

Patch Available

Apr 13, 2026

Version History

v2

Last enriched 25d ago

v2Tier C25d ago

Updated severity to CRITICAL and noted that there is no available exploit.

severity

via VulDB

v126d ago

Initial creation