Is Juniper affected by EUVD-2026-21201?

CVE-2026-33783 is a high-severity denial of service vulnerability in Juniper Junos OS Evolved on PTX Series routers that allows authenticated network users to permanently crash critical forwarding services, requiring manual intervention to restore routing capability.

EUVD-2026-21201

| CVE-2026-33783 HIGH

2026-04-09 [email protected]

GHSA-q83c-r2qf-fvp6

7.1

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

EUVD ID Assigned

Apr 09, 2026 - 22:22 euvd

EUVD-2026-21201

Analysis Generated

Apr 09, 2026 - 22:22 vuln.today

CVE Published

Apr 09, 2026 - 22:16 nvd

HIGH 7.1

Description

A Function Call With Incorrect Argument Type vulnerability in the sensor interface of Juniper Networks Junos OS Evolved on PTX Series allows a network-based, authenticated attacker with low privileges to cause a complete Denial of Service (DoS). If colored SRTE policy tunnels are provisioned via PCEP, and gRPC is used to monitor traffic in these tunnels, evo-aftmand crashes and doesn't restart which leads to a complete and persistent service impact. The system has to be manually restarted to recover. The issue is seen only when the Originator ASN field in PCEP contains a value larger than 65,535 (32-bit ASN). The issue is not reproducible when SRTE policy tunnels are statically configured. This issue affects Junos OS Evolved on PTX Series: * all versions before 22.4R3-S9-EVO, * 23.2 versions before 23.2R2-S6-EVO, * 23.4 versions before 23.4R2-S7-EVO, * 24.2 versions before 24.2R2-S4-EVO, * 24.4 versions before 24.4R2-S2-EVO, * 25.2 versions before 25.2R1-S2-EVO, 25.2R2-EVO.

Analysis

Complete persistent denial of service in Juniper Networks Junos OS Evolved on PTX Series routers allows authenticated, low-privilege network attackers to crash the evo-aftmand service with no automatic recovery. The vulnerability triggers when PCEP-provisioned colored SRTE policy tunnels with 32-bit ASN values (greater than 65,535) in the Originator ASN field are monitored via gRPC, causing permanent forwarding plane failure until manual system restart. …

Remediation

Within 24 hours: Inventory all PTX Series routers running Junos OS Evolved through version 25.2 and identify which systems have PCEP-provisioned colored SRTE policies with 32-bit ASN values. Within 7 days: Implement access controls restricting network users with PCEP provisioning capability to trusted administrators only, and disable gRPC monitoring of affected SRTE policy tunnels if operationally feasible. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +36

POC: 0

EUVD-2026-21201 vulnerability details – vuln.today

Back

EUVD-2026-21201

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

EUVD-2026-21201

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code