Main Vulnerability Database Vulnerabilities #VU130692

Input validation error in Junos OS and Junos OS Evolved - CVE-2026-33797

Published: May 8, 2026

Vulnerability identifier: #VU130692

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2026-33797

CWE-ID: CWE-20

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: Juniper Networks, Inc.

Affected software:
Junos OS
Junos OS Evolved

Detailed vulnerability description

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper input validation in the BGP session handling logic when processing a specific genuine BGP packet in an already established BGP session. A remote attacker can send a specific genuine BGP packet to cause a denial of service.

Repeated packet transmission can sustain the denial of service. Both eBGP and iBGP are affected, and the issue applies to both IPv4 and IPv6.

How to mitigate CVE-2026-33797

Install security update from vendor's website.

Sources

https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-attacker-sending-a-specific-genuine-BGP-packet-causes-a-BGP-reset-CVE-2026-33797

Input validation error in Junos OS and Junos OS Evolved - CVE-2026-33797

Detailed vulnerability description

How to mitigate CVE-2026-33797

Sources

Please verify you're human