SB2026050815 - Firewall filters bypass in Junos OS

Security Bulletin ID SB2026050815

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Improper Check for Unusual or Exceptional Conditions (CVE-ID: CVE-2026-33774)

The vulnerability allows a remote attacker to bypass the configured firewall filter and access the control-plane of the device.

The vulnerability exists due to improper check for unusual or exceptional conditions in the packet forwarding engine (pfe) when processing traffic to a loopback interface lo0.n in the default routing instance. A remote attacker can send network traffic to bypass the configured firewall filter and access the control-plane of the device.

Only MX Series devices with MPC10, MPC11, LC4800 or LC9600 line cards, and MX304 are affected when a firewall filter is applied to a non-0 loopback interface that is not referred to in any routing-instance configuration.

Remediation

Install update from vendor's website.

References

https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-MX-Series-Firewall-filters-on-lo0-non-0-in-the-default-routing-instance-are-not-in-effect-CVE-2026-33774