Skip to main content

Juniper CVE-2026-33791

| EUVD-2026-21207 HIGH
OS Command Injection (CWE-78)
2026-04-09 sirt@juniper.net GHSA-j4rr-c2v3-296r
Command Injection Juniper
8.4
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:C/RE:M/U:Amber
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

7
Re-analysis Queued
Apr 16, 2026 - 18:52 vuln.today
cvss_changed
Analysis Updated
Apr 16, 2026 - 05:59 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
25.2R1-S1-EVO,22.4R3-S8-EVO,25.2R2
EUVD ID Assigned
Apr 09, 2026 - 22:22 euvd
EUVD-2026-21207
Analysis Generated
Apr 09, 2026 - 22:22 vuln.today
CVE Published
Apr 09, 2026 - 22:16 nvd
HIGH 8.4

DescriptionNVD

An OS Command Injection vulnerability in the CLI processing of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker executing specific, crafted CLI commands to inject arbitrary shell commands as root, leading to a complete compromise of the system.

Certain 'set system' commands, when executed with crafted arguments, are not properly sanitized, allowing for arbitrary shell injection. These shell commands are executed as root, potentially allowing for complete control of the vulnerable system. This issue affects:

Junos OS:

  • all versions before 22.4R3-S8,
  • from 23.2 before 23.2R2-S5,
  • from 23.4 before 23.4R2-S7,
  • from 24.2 before 24.2R2-S2,
  • from 24.4 before 24.4R2,
  • from 25.2 before 25.2R2;

Junos OS Evolved:

  • all versions before 22.4R3-S8-EVO,
  • from 23.2 before 23.2R2-S5-EVO,
  • from 23.4 before 23.4R2-S7-EVO,
  • from 24.2 before 24.2R2-S2-EVO,
  • from 24.4 before 24.4R2-EVO,
  • from 25.2 before 25.2R1-S1-EVO, 25.2R2-EVO.

AnalysisAI

Command injection in Juniper Networks Junos OS and Junos OS Evolved CLI processing allows high-privileged local attackers to execute arbitrary shell commands as root through crafted 'set system' arguments, enabling complete system compromise. Affects all versions before multiple fixed releases across both operating systems. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Identify all Juniper Junos OS and Junos OS Evolved devices in your environment and document current versions. Within 7 days: Obtain and review Juniper's official advisory to confirm fixed versions for each affected OS branch; prepare change management documentation. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

More from same product – last 7 days

CVE-2026-48687 CRITICAL
9.8 May 26

OS command injection in FastNetMon Community Edition (through 1.2.9) lets attacker-controlled input reach an unescaped e

Share

CVE-2026-33791 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy