Improper Certificate Trust Validation in Junos OS on Juniper Networks SRX Series
CVE-2026-33779

8.3 HIGH

Key Information:

Status
Vendor
CVE Published: 9 April 2026

Badges

👾 Exploit Exists

What is CVE-2026-33779?

A vulnerability in the J-Web interface of Juniper Networks' Junos OS stems from inadequate verification of server certificates when an SRX Series device connects to the Security Director cloud. An attacker can exploit this weakness in a Person-in-the-Middle (PITM) attack to intercept and manipulate sensitive information, including credentials. The flaw affects several versions of Junos OS, so users should apply the necessary updates to protect their communications against unauthorized access.

Affected Version(s)

Junos OS SRX Series 0 < 22.4R3-S9

Junos OS SRX Series 23.2 < 23.2R2-S6

Junos OS SRX Series 23.4 < 23.4R2-S7

CVSS V4

Score: 8.3
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: High
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Juniper SIRT would like to acknowledge and thank Konrad Porzezynski for responsibly reporting this vulnerability.