Memory Leak Vulnerability in Juniper Networks Junos OS and Evolved Products
CVE-2026-33780

7.1HIGH

Key Information:

Vendor: Juniper Networks
Status: Junos Os; Junos Os Evolved
Vendor: CVE Published:; 9 April 2026

🔔 Create Juniper Networks Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2026-33780?

A vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks' Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to exploit a flaw in memory management. Due to a logic error, memory allocated for routes from remote multi-homed Provider Edge devices is not released properly when churn occurs. This leads to memory leaks within the l2ald process, ultimately causing it to crash and requiring a restart. Continuous monitoring of l2ald's memory consumption is necessary to prevent potential service disruptions.

Affected Version(s)

Junos OS 0 < 22.4R3-S5

Junos OS 23.2 < 23.2R2-S3

Junos OS 23.4 < 23.4R2-S4

References

https://kb.juniper.net/JSA107819

vendor-advisory

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Apr 9, 2026
Vulnerability published
Apr 9, 2026
Vulnerability Reserved
Mar 23, 2026

CVE-2026-33780 Data

JSON