PatchSiren cyber security CVE debrief
CVE-2026-33794 Juniper Networks CVE debrief
CVE-2026-33794 is an Improper Check for Unusual or Exceptional Conditions vulnerability in the advanced forwarding toolkit (evo-aftmand) of Juniper Networks Junos OS Evolved on PTX Series. This vulnerability allows an unauthenticated network-based attacker to crash the evo-aftmand process on the PFE, leading to a Denial-of-Service (DoS). The conditions required for successful exploitation are based on a sequence of events that are outside an attacker's direct control. Users of Juniper Networks Junos OS Evolved on PTX Series, particularly those with large-scale ECMP unilist deployments, should be aware of this vulnerability and take necessary precautions.
- Vendor
- Juniper Networks
- Product
- Junos OS Evolved
- CVSS
- HIGH 8.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-09
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-09
- Advisory updated
- 2026-07-10
Who should care
Users of Juniper Networks Junos OS Evolved on PTX Series, particularly those with large-scale ECMP unilist deployments, should be aware of this vulnerability and take necessary precautions to prevent exploitation.
Technical summary
The vulnerability is caused by an issue processing unilist ECMP routing updates, which can lead to internal state corruption and crash the evo-aftmand process. This results in an evo-aftmand-bx core, requiring manual intervention to recover by rebooting the system or restarting the FPC. The affected versions are from 24.4R2-EVO before 24.4R2-S3-EVO and from 25.2 before 25.2R2-EVO. The vulnerability allows an unauthenticated network-based attacker to crash the evo-aftmand process on the PFE, leading to a Denial-of-Service (DoS).
Defensive priority
High priority should be given to patching or mitigating this vulnerability, especially in large-scale ECMP unilist deployments.
Recommended defensive actions
- Apply the necessary patches or updates to affected systems
- Implement compensating controls to detect and prevent exploitation
- Monitor systems for suspicious activity
- Perform inventory checks to identify affected systems
- Consider restarting the FPC or rebooting the system if exploitation is detected
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
The CVE record was published on 2026-07-09T21:16:54.790Z and was last modified on 2026-07-10T15:16:39.250Z. The NVD entry is currently Received. Limited information is available about the vulnerability, and further investigation is recommended. The vulnerability affects Juniper Networks Junos OS Evolved on PTX Series, particularly those with large-scale ECMP unilist deployments.
Official resources
-
CVE-2026-33794 CVE record
CVE.org
-
CVE-2026-33794 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T21:16:54.790Z and has not been modified since then. The NVD entry is currently Received.