Skip to main content

Juniper CVE-2026-33776

| EUVDEUVD-2026-21196 MEDIUM
Missing Authorization (CWE-862)
2026-04-09 sirt@juniper.net GHSA-cp8x-pvqx-wpcc
6.8
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Patch available
Apr 16, 2026 - 05:29 EUVD
22.4R3-S8,24.4R2-S1,25.2R2-EVO
EUVD ID Assigned
Apr 09, 2026 - 22:22 euvd
EUVD-2026-21196
Analysis Generated
Apr 09, 2026 - 22:22 vuln.today
CVE Published
Apr 09, 2026 - 22:16 nvd
MEDIUM 6.8

DescriptionCVE.org

A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user with low privileges to read sensitive information.

A local user with low privileges can execute the CLI command 'show mgd' with specific arguments which will expose sensitive information.

This issue affects

Junos OS:

  • all versions before 22.4R3-S8,
  • 23.2 versions before 23.2R2-S6,
  • 23.4 versions before 23.4R2-S6,
  • 24.2 versions before 24.2R2-S4,
  • 24.4 versions before 24.4R2-S1,
  • 25.2 version before 25.2R1-S2, 25.2R2;

Junos OS Evolved:

  • all versions before 23.2R2-S6-EVO,
  • 23.4 version before 23.4R2-S6-EVO,
  • 24.2 version before 24.2R2-S4-EVO,
  • 24.4 versions before 24.4R2-S1-EVO,
  • 25.2 versions before 25.2R2-EVO.

AnalysisAI

Missing authorization in Juniper Networks Junos OS and Junos OS Evolved CLI allows local users with low privileges to execute the 'show mgd' command with specific arguments to read sensitive information. The vulnerability affects multiple version branches of both Junos OS (22.4, 23.2, 23.4, 24.2, 24.4, 25.2) and Junos OS Evolved (23.2, 23.4, 24.2, 24.4, 25.2), with patches available for all affected versions. CVSS score is 6.8 with high confidentiality impact but no public exploit identified at time of analysis.

Technical ContextAI

This vulnerability stems from inadequate access control enforcement in the Junos OS management daemon (mgd) CLI interface, classified under CWE-862 (Missing Authorization). The issue allows local users with low privilege levels to bypass authorization checks and access sensitive information through CLI command execution. The vulnerability specifically affects the 'show mgd' command parser, which fails to properly validate user permissions before exposing restricted data. This is a local attack vector requiring shell access to the device but not requiring elevated (root/admin) privileges, making it accessible to standard unprivileged system users or service accounts with low-level access. Affected products include Juniper Junos OS running on various hardware platforms and Junos OS Evolved (the cloud and virtualized variant of the operating system).

RemediationAI

Vendor-released patches are available for all affected versions: upgrade Junos OS to 22.4R3-S8 or later for the 22.4 branch, 23.2R2-S6 or later for 23.2, 23.4R2-S6 or later for 23.4, 24.2R2-S4 or later for 24.2, 24.4R2-S1 or later for 24.4, and 25.2R1-S2 or 25.2R2 for the 25.2 branch; similarly upgrade Junos OS Evolved to the corresponding -EVO versions. Consult the official Juniper advisory at https://kb.juniper.net/JSA107866 for detailed upgrade procedures, compatibility notes, and any interim mitigations. Until patches can be applied, restrict local shell access to trusted administrators only and audit existing local user accounts for necessity.

CVE-2015-7755 CRITICAL POC
9.8 Dec 19

Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r

CVE-2025-21590 MEDIUM
6.7 Mar 12

A security vulnerability in An Improper (CVSS 6.7) that allows a local attacker with high privileges. Risk factors: acti

CVE-2023-36845 CRITICAL POC
9.8 Aug 17

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series all

CVE-2013-6618 CRITICAL POC
9.0 Nov 05

jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3,

CVE-2017-10622 CRITICAL
9.8 Oct 13

An authentication bypass vulnerability in Juniper Networks Junos Space Network Management Platform may allow a remote un

CVE-2018-20193 HIGH POC
8.8 Dec 21

Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by

CVE-2014-6380 HIGH POC
7.8 Oct 14

Juniper Junos 11.4 before R11, 12.1 before R9, 12.1X44 before D30, 12.1X45 before D20, 12.1X46 before D15, 12.1X47 befor

CVE-2021-0253 HIGH POC
7.8 Apr 22

NFX Series devices using Juniper Networks Junos OS are susceptible to a local command execution vulnerability thereby al

CVE-2021-0252 HIGH POC
7.8 Apr 22

NFX Series devices using Juniper Networks Junos OS are susceptible to a local code execution vulnerability thereby allow

CVE-2019-0053 HIGH POC
7.8 Jul 11

Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffe

CVE-2023-22415 HIGH POC
7.5 Jan 13

An Out-of-Bounds Write vulnerability in the H.323 ALG of Juniper Networks Junos OS allows an unauthenticated, network-ba

CVE-2022-22223 HIGH POC
7.5 Oct 18

On QFX10000 Series devices using Juniper Networks Junos OS when configured as transit IP/MPLS penultimate hop popping (P

Share

CVE-2026-33776 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy