Improper Following of a Certificate's Chain of Trust in Junos OS - CVE-2026-33779

 


Published: May 8, 2026


Vulnerability identifier: #VU130690
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-33779
CWE-ID: CWE-296
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Junos OS
Software vendor:
Juniper Networks, Inc.

Description

The vulnerability allows a remote attacker to disclose sensitive information and potentially modify it.

The vulnerability exists due to improper following of a certificate's chain of trust in J-Web when an SRX device is provisioned to connect to Security Director cloud. A remote attacker can intercept device-to-cloud communication using a machine-in-the-middle position to disclose sensitive information and potentially modify it.

The issue affects communication between SRX devices and Security Director cloud, and exposed data may include credentials.


Remediation

Install the security update from the vendor's website.
