Main Vulnerability Database Vulnerabilities #VU130692

Input validation error in Junos OS and Junos OS Evolved - CVE-2026-33797

Published: May 8, 2026

Vulnerability identifier: #VU130692

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2026-33797

CWE-ID: CWE-20

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
Junos OS
Junos OS Evolved

Software vendor:
Juniper Networks, Inc.

Description

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper input validation in the BGP session handling logic when processing a specific genuine BGP packet in an already established BGP session. A remote attacker can send a specific genuine BGP packet to cause a denial of service.

Repeated packet transmission can sustain the denial of service. Both eBGP and iBGP are affected, and the issue applies to both IPv4 and IPv6.

Remediation

Install security update from vendor's website.

External links

https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-attacker-sending-a-specific-genuine-BGP-packet-causes-a-BGP-reset-CVE-2026-33797

Input validation error in Junos OS and Junos OS Evolved - CVE-2026-33797

Description

Remediation

External links

Please verify you're human