Main Vulnerability Database Vulnerabilities #VU130693

Missing Authentication for Critical Function in Junos OS Evolved - CVE-2026-33788

Published: May 8, 2026

Vulnerability identifier: #VU130693

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2026-33788

CWE-ID: CWE-306

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Juniper Networks, Inc.

Affected software:
Junos OS Evolved

Detailed vulnerability description

The vulnerability allows a local user to gain direct access to installed flexible pic concentrators.

The vulnerability exists due to missing authentication for critical function in the flexible pic concentrators (FPCs) when handling local access by authenticated low-privileged users. A local user can gain direct access to the installed FPCs to gain direct access to installed flexible pic concentrators.

Successful exploitation provides access to the affected component as a high privileged user and can potentially lead to full compromise of that component.

How to mitigate CVE-2026-33788

Install security update from vendor's website.

Sources

https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-Evolved-Local-authenticated-attackers-can-gain-access-to-FPCs-CVE-2026-33788

Missing Authentication for Critical Function in Junos OS Evolved - CVE-2026-33788

Detailed vulnerability description

How to mitigate CVE-2026-33788

Sources

Please verify you're human