Command injection in Junos OS Evolved and Junos OS - CVE-2026-33791
Published: May 8, 2026
Vulnerability identifier: #VU130702
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-33791
CWE-ID: CWE-77
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Juniper Networks, Inc.
Affected software:
Junos OS Evolved
Junos OS
Junos OS Evolved
Junos OS
Detailed vulnerability description
The vulnerability allows a local privileged user to execute arbitrary shell commands as root.
The vulnerability exists due to command injection in the CLI processing of certain 'set system' commands when handling crafted CLI arguments. A local privileged user can execute specific crafted CLI commands to execute arbitrary shell commands as root.
The injected shell commands are executed with root privileges, which can result in complete compromise of the system.
How to mitigate CVE-2026-33791
Install security update from vendor's website.