CVE-2026-33773: CWE-1419 Incorrect Initialization of Resource in Juniper Networks Junos OS
An Incorrect Initialization of Resource vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX Series and QFX Series device allows an unauthenticated, network-based attacker to cause an integrity impact to downstream networks. When the same family inet or inet6 filter is applied on an IRB interface and on a physical interface as egress filter on EX4100, EX4400, EX4650 and QFX5120 devices, only one of the two filters will be applied, which can lead to traffic being sent out one of these interfaces which should have been blocked. This issue affects Junos OS on EX Series and QFX Series: * 23.4 version 23.4R2-S6, * 24.2 version 24.2R2-S3. No other Junos OS versions are affected.
AI Analysis
Technical Summary
This vulnerability (CVE-2026-33773) in Juniper Junos OS arises from incorrect initialization of filtering resources in the packet forwarding engine on EX4100, EX4400, EX4650, and QFX5120 devices. When the same inet or inet6 filter is applied simultaneously on an IRB interface and a physical interface as an egress filter, only one filter is applied, potentially allowing traffic that should be blocked to pass through. This flaw affects Junos OS versions 23.4R2-S6 and 24.2R2-S3. The issue can be exploited remotely without authentication, impacting the integrity of downstream networks. Juniper manages remediation for this cloud service, and a patch is available.
Potential Impact
The vulnerability allows an unauthenticated, network-based attacker to bypass intended egress filtering on affected Juniper devices, potentially sending unauthorized traffic to downstream networks. This results in an integrity impact but does not affect confidentiality or availability. The CVSS v3.1 base score is 5.8 (medium severity), reflecting network attack vector, low complexity, no privileges or user interaction required, and a scope change with integrity impact only.
Mitigation Recommendations
A patch is available for this vulnerability. Since Junos OS is provided as a cloud service, Juniper Networks manages remediation server-side. Users should verify with Juniper's official advisory and ensure their devices are updated to versions beyond 23.4R2-S6 and 24.2R2-S3 or apply the provided patches to mitigate the issue. No additional mitigation steps are indicated by the vendor advisory.
CVE-2026-33773: CWE-1419 Incorrect Initialization of Resource in Juniper Networks Junos OS
Description
An Incorrect Initialization of Resource vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX Series and QFX Series device allows an unauthenticated, network-based attacker to cause an integrity impact to downstream networks. When the same family inet or inet6 filter is applied on an IRB interface and on a physical interface as egress filter on EX4100, EX4400, EX4650 and QFX5120 devices, only one of the two filters will be applied, which can lead to traffic being sent out one of these interfaces which should have been blocked. This issue affects Junos OS on EX Series and QFX Series: * 23.4 version 23.4R2-S6, * 24.2 version 24.2R2-S3. No other Junos OS versions are affected.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2026-33773) in Juniper Junos OS arises from incorrect initialization of filtering resources in the packet forwarding engine on EX4100, EX4400, EX4650, and QFX5120 devices. When the same inet or inet6 filter is applied simultaneously on an IRB interface and a physical interface as an egress filter, only one filter is applied, potentially allowing traffic that should be blocked to pass through. This flaw affects Junos OS versions 23.4R2-S6 and 24.2R2-S3. The issue can be exploited remotely without authentication, impacting the integrity of downstream networks. Juniper manages remediation for this cloud service, and a patch is available.
Potential Impact
The vulnerability allows an unauthenticated, network-based attacker to bypass intended egress filtering on affected Juniper devices, potentially sending unauthorized traffic to downstream networks. This results in an integrity impact but does not affect confidentiality or availability. The CVSS v3.1 base score is 5.8 (medium severity), reflecting network attack vector, low complexity, no privileges or user interaction required, and a scope change with integrity impact only.
Mitigation Recommendations
A patch is available for this vulnerability. Since Junos OS is provided as a cloud service, Juniper Networks manages remediation server-side. Users should verify with Juniper's official advisory and ensure their devices are updated to versions beyond 23.4R2-S6 and 24.2R2-S3 or apply the provided patches to mitigate the issue. No additional mitigation steps are indicated by the vendor advisory.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- juniper
- Date Reserved
- 2026-03-23T19:46:13.668Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Is Cloud Service
- true
Threat ID: 69d843721cc7ad14da3fb403
Added to database: 4/10/2026, 12:25:22 AM
Last enriched: 4/17/2026, 11:58:12 AM
Last updated: 5/25/2026, 6:13:14 AM
Views: 71
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.