PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-33794 Juniper Networks CVE debrief

CVE-2026-33794 is an Improper Check for Unusual or Exceptional Conditions vulnerability in the advanced forwarding toolkit (evo-aftmand) of Juniper Networks Junos OS Evolved on PTX Series. This vulnerability allows an unauthenticated network-based attacker to crash the evo-aftmand process on the PFE, leading to a Denial-of-Service (DoS). The conditions required for successful exploitation are based on a sequence of events that are outside an attacker's direct control. Users of Juniper Networks Junos OS Evolved on PTX Series, particularly those with large-scale ECMP unilist deployments, should be aware of this vulnerability and take necessary precautions.

Vendor
Juniper Networks
Product
Junos OS Evolved
CVSS
HIGH 8.2
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-09
Original CVE updated
2026-07-10
Advisory published
2026-07-09
Advisory updated
2026-07-10

Who should care

Users of Juniper Networks Junos OS Evolved on PTX Series, particularly those with large-scale ECMP unilist deployments, should be aware of this vulnerability and take necessary precautions to prevent exploitation.

Technical summary

The vulnerability is caused by an issue processing unilist ECMP routing updates, which can lead to internal state corruption and crash the evo-aftmand process. This results in an evo-aftmand-bx core, requiring manual intervention to recover by rebooting the system or restarting the FPC. The affected versions are from 24.4R2-EVO before 24.4R2-S3-EVO and from 25.2 before 25.2R2-EVO. The vulnerability allows an unauthenticated network-based attacker to crash the evo-aftmand process on the PFE, leading to a Denial-of-Service (DoS).

Defensive priority

High priority should be given to patching or mitigating this vulnerability, especially in large-scale ECMP unilist deployments.

Recommended defensive actions

  • Apply the necessary patches or updates to affected systems
  • Implement compensating controls to detect and prevent exploitation
  • Monitor systems for suspicious activity
  • Perform inventory checks to identify affected systems
  • Consider restarting the FPC or rebooting the system if exploitation is detected
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up

Evidence notes

The CVE record was published on 2026-07-09T21:16:54.790Z and was last modified on 2026-07-10T15:16:39.250Z. The NVD entry is currently Received. Limited information is available about the vulnerability, and further investigation is recommended. The vulnerability affects Juniper Networks Junos OS Evolved on PTX Series, particularly those with large-scale ECMP unilist deployments.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T21:16:54.790Z and has not been modified since then. The NVD entry is currently Received.