OS Command Injection Vulnerability in Juniper Networks Junos OS
CVE-2026-33791

8.4HIGH

Key Information:

Vendor: Juniper Networks
Status: Junos Os; Junos Os Evolved
Vendor: CVE Published:; 9 April 2026

🔔 Create Juniper Networks Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2026-33791?

An OS Command Injection vulnerability exists in the CLI processing of Juniper Networks' Junos OS and Junos OS Evolved. This flaw enables a local attacker with high privileges to execute crafted CLI commands, compromising the system by injecting arbitrary shell commands that run with root privileges. Specific 'set system' commands fail to properly sanitize their arguments, leading to a critical oversight that can result in complete control over the affected system.

Affected Version(s)

Junos OS 0 < 22.4R3-S8

Junos OS 23.2 < 23.2R2-S5

Junos OS 23.4 < 23.4R2-S7

References

https://kb.juniper.net/JSA107875

vendor-advisory

CVSS V4

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Apr 9, 2026
Vulnerability published
Apr 9, 2026
Vulnerability Reserved
Mar 23, 2026

CVE-2026-33791 Data

JSON