CVE-2026-33797: CWE-20 Improper Input Validation in Juniper Networks Junos OS
An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP packet in an already established BGP session to reset only that session causing a Denial of Service (DoS). An attacker repeatedly sending the packet will sustain the Denial of Service (DoS).This issue affects Junos OS: * 25.2 versions before 25.2R2 This issue does not affect Junos OS versions before 25.2R1. This issue affects Junos OS Evolved: * 25.2-EVO versions before 25.2R2-EVO This issue does not affect Junos OS Evolved versions before 25.2R1-EVO. eBGP and iBGP are affected. IPv4 and IPv6 are affected.
AI Analysis
Technical Summary
This vulnerability (CVE-2026-33797) in Juniper Networks Junos OS and Junos OS Evolved involves improper input validation (CWE-20) of BGP packets. An unauthenticated attacker with adjacency can send a crafted genuine BGP packet in an already established BGP session to forcibly reset that session, resulting in a denial of service. The issue affects Junos OS and Junos OS Evolved 25.2 versions prior to 25.2R2 and 25.2R2-EVO respectively. Both eBGP and iBGP sessions, over IPv4 and IPv6, are vulnerable. The vulnerability does not affect versions before 25.2R1 or 25.2R1-EVO. The CVSS v3.1 base score is 7.4, indicating high severity, with attack vector adjacent network, low attack complexity, no privileges required, no user interaction, and impact limited to availability (session reset causing DoS). No vendor advisory or patch information is currently available.
Potential Impact
An unauthenticated adjacent attacker can cause a denial of service by resetting specific BGP sessions on affected Junos OS and Junos OS Evolved versions. This can disrupt network routing by forcing BGP session resets repeatedly, sustaining the denial of service condition. There is no impact on confidentiality or integrity according to the CVSS vector. The vulnerability affects both IPv4 and IPv6 BGP sessions, including eBGP and iBGP.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, network administrators should consider limiting adjacency to trusted peers and monitoring BGP session stability. No official remediation or temporary fix is currently documented by the vendor.
CVE-2026-33797: CWE-20 Improper Input Validation in Juniper Networks Junos OS
Description
An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP packet in an already established BGP session to reset only that session causing a Denial of Service (DoS). An attacker repeatedly sending the packet will sustain the Denial of Service (DoS).This issue affects Junos OS: * 25.2 versions before 25.2R2 This issue does not affect Junos OS versions before 25.2R1. This issue affects Junos OS Evolved: * 25.2-EVO versions before 25.2R2-EVO This issue does not affect Junos OS Evolved versions before 25.2R1-EVO. eBGP and iBGP are affected. IPv4 and IPv6 are affected.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2026-33797) in Juniper Networks Junos OS and Junos OS Evolved involves improper input validation (CWE-20) of BGP packets. An unauthenticated attacker with adjacency can send a crafted genuine BGP packet in an already established BGP session to forcibly reset that session, resulting in a denial of service. The issue affects Junos OS and Junos OS Evolved 25.2 versions prior to 25.2R2 and 25.2R2-EVO respectively. Both eBGP and iBGP sessions, over IPv4 and IPv6, are vulnerable. The vulnerability does not affect versions before 25.2R1 or 25.2R1-EVO. The CVSS v3.1 base score is 7.4, indicating high severity, with attack vector adjacent network, low attack complexity, no privileges required, no user interaction, and impact limited to availability (session reset causing DoS). No vendor advisory or patch information is currently available.
Potential Impact
An unauthenticated adjacent attacker can cause a denial of service by resetting specific BGP sessions on affected Junos OS and Junos OS Evolved versions. This can disrupt network routing by forcing BGP session resets repeatedly, sustaining the denial of service condition. There is no impact on confidentiality or integrity according to the CVSS vector. The vulnerability affects both IPv4 and IPv6 BGP sessions, including eBGP and iBGP.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, network administrators should consider limiting adjacency to trusted peers and monitoring BGP session stability. No official remediation or temporary fix is currently documented by the vendor.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- juniper
- Date Reserved
- 2026-03-23T19:46:13.673Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d822bf1cc7ad14da2ad170
Added to database: 4/9/2026, 10:05:51 PM
Last enriched: 4/24/2026, 11:15:54 PM
Last updated: 5/25/2026, 2:37:46 AM
Views: 93
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.