Is there a patch available for CVE-2026-33785?

Yes, a patch is available for CVE-2026-33785. Update the affected software to the latest version immediately.

Juniper CVE-2026-33785

Q: What is the CVSS score of CVE-2026-33785?

CVE-2026-33785 has a CVSS 4.0 base score of 6.3 (Medium). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-21204 MEDIUM

Missing Authorization (CWE-862)

2026-04-09 sirt@juniper.net

GHSA-m5fr-cwvv-7qff

Authentication Bypass Juniper

6.3

CVSS 4.0

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Patch available

Apr 16, 2026 - 05:29 EUVD

24.4R2-S3,25.2R2

EUVD ID Assigned

Apr 09, 2026 - 22:22 euvd

EUVD-2026-21204

Analysis Generated

Apr 09, 2026 - 22:22 vuln.today

CVE Published

Apr 09, 2026 - 22:16 nvd

MEDIUM 6.3

DescriptionNVD

A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series allows a local, authenticated user with low privileges to execute specific commands which will lead to a complete compromise of managed devices.

Any user logged in, without requiring specific privileges, can issue 'request csds' CLI operational commands. These commands are only meant to be executed by high privileged or users designated for Juniper Device Manager (JDM) / Connected Security Distributed Services (CSDS) operations as they will impact all aspects of the devices managed via the respective MX.

This issue affects Junos OS on MX Series:

24.4 releases before 24.4R2-S3,
25.2 releases before 25.2R2.

This issue does not affect Junos OS releases before 24.4.

AnalysisAI

Juniper Networks Junos OS on MX Series allows authenticated local users with low privileges to execute 'request csds' CLI commands intended only for high-privileged administrators or CSDS operators, enabling complete compromise of managed devices. The vulnerability affects Junos OS 24.4 releases before 24.4R2-S3 and 25.2 releases before 25.2R2. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-48687 CRITICAL Act Now

9.8 May 26

OS command injection in FastNetMon Community Edition (through 1.2.9) lets attacker-controlled input reach an unescaped e

CVE-2026-33785 vulnerability details – vuln.today

Back

Juniper CVE-2026-33785

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Analysis

Full analysis requires sign-in

More from same product – last 7 days

Share

Juniper CVE-2026-33785

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

More from same product – last 7 days

Share

External POC / Exploit Code