Vulnerability Details CVE-2026-33803
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device.
Due to a wrong initialization, a process which should only be able to communicate internally within the device can be reached over the network via an open port. This leads to a device being inadvertently exposed and increased CPU cycles spent processing ingress packets.
This issue affects Junos OS Evolved:
* all versions before 23.2R2-S7-EVO,
* 23.4 versions before 23.4R2-S8-EVO,
* 24.2 versions before 24.2R2-S5-EVO,
* 24.4 versions before 24.4R2-S4-EVO,
* 25.2 versions before 25.2R2-S1-EVO,
* 25.4 versions before 25.4R1-S2-EVO.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 27.5%
CVSS Severity
CVSS v3 Score 6.5
Products affected by CVE-2026-33803
-
cpe:2.3:o:juniper:junos_os_evolved:18.3
-
cpe:2.3:o:juniper:junos_os_evolved:19.1
-
cpe:2.3:o:juniper:junos_os_evolved:19.2
-
cpe:2.3:o:juniper:junos_os_evolved:19.3
-
cpe:2.3:o:juniper:junos_os_evolved:19.4
-
cpe:2.3:o:juniper:junos_os_evolved:20.1
-
cpe:2.3:o:juniper:junos_os_evolved:20.2
-
cpe:2.3:o:juniper:junos_os_evolved:20.3
-
cpe:2.3:o:juniper:junos_os_evolved:20.4
-
cpe:2.3:o:juniper:junos_os_evolved:21.1
-
cpe:2.3:o:juniper:junos_os_evolved:21.2
-
cpe:2.3:o:juniper:junos_os_evolved:21.3
-
cpe:2.3:o:juniper:junos_os_evolved:21.4
-
cpe:2.3:o:juniper:junos_os_evolved:22.1
-
cpe:2.3:o:juniper:junos_os_evolved:22.2
-
cpe:2.3:o:juniper:junos_os_evolved:22.3
-
cpe:2.3:o:juniper:junos_os_evolved:22.4
-
cpe:2.3:o:juniper:junos_os_evolved:23.1
-
cpe:2.3:o:juniper:junos_os_evolved:23.2
-
cpe:2.3:o:juniper:junos_os_evolved:23.4
-
cpe:2.3:o:juniper:junos_os_evolved:24.2
-
cpe:2.3:o:juniper:junos_os_evolved:24.4
-
cpe:2.3:o:juniper:junos_os_evolved:25.2
-
cpe:2.3:o:juniper:junos_os_evolved:25.4