Missing Authorization Vulnerability in Juniper Networks Junos OS on MX Series
CVE-2026-33785

6.3MEDIUM

Key Information:

Vendor

Juniper Networks
Status
Junos Os
Vendor
CVE Published:
9 April 2026

Badges

👾 Exploit Exists

What is CVE-2026-33785?

A local, authenticated user with minimal privileges can exploit a Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series. This flaw allows such users to execute high-privilege commands intended solely for authorized personnel, including operations significant to the management of connected devices. The commands enabled by this vulnerability could compromise the security and integrity of systems managed under Junos OS versions 24.4 before 24.4R2-S3 and 25.2 before 25.2R2, presenting serious implications for device management.

Affected Version(s)

Junos OS MX Series 24.4 < 24.4R2-S3

Junos OS MX Series 25.2 < 25.2R2

Junos OS MX Series 0 < 24.4R1

References

https://kb.juniper.net/JSA107872
vendor-advisory

CVSS V4

Score:
6.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.