CVE-2026-33773: CWE-1419 Incorrect Initialization of Resource in Juniper Networks Junos OS
An Incorrect Initialization of Resource vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX Series and QFX Series device allows an unauthenticated, network-based attacker to cause an integrity impact to downstream networks. When the same family inet or inet6 filter is applied on an IRB interface and on a physical interface as egress filter on EX4100, EX4400, EX4650 and QFX5120 devices, only one of the two filters will be applied, which can lead to traffic being sent out one of these interfaces which should have been blocked. This issue affects Junos OS on EX Series and QFX Series: * 23.4 version 23.4R2-S6, * 24.2 version 24.2R2-S3. No other Junos OS versions are affected.
AI Analysis
Technical Summary
This vulnerability (CVE-2026-33773) in Juniper Junos OS arises from incorrect initialization of resources in the packet forwarding engine on specific EX and QFX Series devices. When the same inet or inet6 filter is applied simultaneously on an IRB interface and a physical interface as an egress filter, only one filter is applied instead of both. This flaw can allow traffic that should be blocked by one filter to be sent out, causing an integrity impact to downstream networks. The affected software versions are 23.4R2-S6 and 24.2R2-S3 on EX4100, EX4400, EX4650, and QFX5120 devices. The vulnerability has a CVSS 3.1 base score of 5.8 (medium severity) with network attack vector, low complexity, no privileges or user interaction required, and an integrity impact. Juniper manages remediation for this cloud-hosted service, and a patch is available.
Potential Impact
The vulnerability can cause an integrity impact by allowing traffic that should be blocked by one of the filters to be sent out on affected interfaces. This may lead to unintended traffic flow and potential exposure of network segments that should be restricted. There is no confidentiality or availability impact reported. No known exploits are currently in the wild.
Mitigation Recommendations
A patch is available for this vulnerability. Since Junos OS is provided as a cloud service, Juniper Networks manages remediation on their side. Users should verify with Juniper's official advisory and ensure their devices are updated to versions that include the fix. No additional mitigation actions are specified or required beyond applying the patch.
CVE-2026-33773: CWE-1419 Incorrect Initialization of Resource in Juniper Networks Junos OS
Description
An Incorrect Initialization of Resource vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX Series and QFX Series device allows an unauthenticated, network-based attacker to cause an integrity impact to downstream networks. When the same family inet or inet6 filter is applied on an IRB interface and on a physical interface as egress filter on EX4100, EX4400, EX4650 and QFX5120 devices, only one of the two filters will be applied, which can lead to traffic being sent out one of these interfaces which should have been blocked. This issue affects Junos OS on EX Series and QFX Series: * 23.4 version 23.4R2-S6, * 24.2 version 24.2R2-S3. No other Junos OS versions are affected.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2026-33773) in Juniper Junos OS arises from incorrect initialization of resources in the packet forwarding engine on specific EX and QFX Series devices. When the same inet or inet6 filter is applied simultaneously on an IRB interface and a physical interface as an egress filter, only one filter is applied instead of both. This flaw can allow traffic that should be blocked by one filter to be sent out, causing an integrity impact to downstream networks. The affected software versions are 23.4R2-S6 and 24.2R2-S3 on EX4100, EX4400, EX4650, and QFX5120 devices. The vulnerability has a CVSS 3.1 base score of 5.8 (medium severity) with network attack vector, low complexity, no privileges or user interaction required, and an integrity impact. Juniper manages remediation for this cloud-hosted service, and a patch is available.
Potential Impact
The vulnerability can cause an integrity impact by allowing traffic that should be blocked by one of the filters to be sent out on affected interfaces. This may lead to unintended traffic flow and potential exposure of network segments that should be restricted. There is no confidentiality or availability impact reported. No known exploits are currently in the wild.
Mitigation Recommendations
A patch is available for this vulnerability. Since Junos OS is provided as a cloud service, Juniper Networks manages remediation on their side. Users should verify with Juniper's official advisory and ensure their devices are updated to versions that include the fix. No additional mitigation actions are specified or required beyond applying the patch.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- juniper
- Date Reserved
- 2026-03-23T19:46:13.668Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Is Cloud Service
- true
Threat ID: 69d843721cc7ad14da3fb403
Added to database: 4/10/2026, 12:25:22 AM
Last enriched: 4/10/2026, 12:51:57 AM
Last updated: 4/10/2026, 8:14:11 AM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.