Improper Following of a Certificate's Chain of Trust in Junos OS - CVE-2026-33779

 

Improper Following of a Certificate's Chain of Trust in Junos OS - CVE-2026-33779

Published: May 8, 2026


Vulnerability identifier: #VU130690
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-33779
CWE-ID: CWE-296
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Juniper Networks, Inc.
Affected software:
Junos OS

Detailed vulnerability description

The vulnerability allows a remote attacker to disclose sensitive information and potentially modify it.

The vulnerability exists due to improper following of a certificate's chain of trust in J-Web when an SRX device is provisioned to connect to Security Director cloud. A remote attacker can intercept device-to-cloud communication using a machine-in-the-middle position to disclose sensitive information and potentially modify it.

The issue affects communication between SRX devices and Security Director cloud, and exposed data may include credentials.


How to mitigate CVE-2026-33779

Install security update from vendor's website.

Sources