Execution with unnecessary privileges in Junos OS and Junos OS Evolved - CVE-2026-33793

 


Published: May 8, 2026


Vulnerability identifier: #VU130697
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-33793
CWE-ID: CWE-250
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Juniper Networks, Inc.
Affected software:
Junos OS
Junos OS Evolved

Detailed vulnerability description

The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to execution with unnecessary privileges in the User Interface (UI) when an unsigned Python op script configuration is present and Python3 op scripts are enabled. A local user can execute a malicious op script to escalate privileges.

Only systems with remote Python3 op scripts enabled are vulnerable.


How to mitigate CVE-2026-33793

Install the security update from the vendor's website.
