PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-33800 Juniper Networks CVE debrief

An Unchecked Input for Loop Condition vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). Micro-BFD session flaps generate respective up/down events which are queued by PFEMAN for processing. Especially in a Virtual-Chassis (VC) scenario with locality-bias configured, processing takes a significant amount of time for each event. If these sessions keep flapping, new events are constantly added, and in turn PFEMAN never completes processing these events. This results in the PFEMAN watchdog timer expiring, which causes the FPC to crash and restart, representing a complete service outage. This issue only affects MX series FPCs up to and including MPC9. It does not affect MPC10/11, LC4800/9600 and MX304.

Vendor
Juniper Networks
Product
Junos OS
CVSS
HIGH 7.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-09
Original CVE updated
2026-07-10
Advisory published
2026-07-09
Advisory updated
2026-07-10

Who should care

Security teams and administrators responsible for Juniper Junos OS on MX Series devices should be aware of this vulnerability and take necessary actions to mitigate the risk. Specifically, they should review their deployments, assess potential exposure, and prioritize patching or applying compensating controls as needed. This includes verifying that affected MX series FPCs up to and including MPC9 are identified and addressed, and that configurations such as Virtual-Chassis (VC) scenarios with locality-bias are properly secured.

Technical summary

The vulnerability is caused by an Unchecked Input for Loop Condition in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series. This allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS) by exploiting Micro-BFD session flaps. The issue affects Junos OS on MX Series: all versions before 23.2R2-S7, 23.4 versions before 23.4R2-S8, 24.2 versions before 24.2R2-S4, 24.4 versions before 24.4R2-S3, 25.2 versions before 25.2R2.

Defensive priority

High

Recommended defensive actions

  • Update to a fixed version of Junos OS
  • Implement compensating controls to detect and prevent exploitation
  • Monitor for suspicious activity
  • Review and update incident response plans
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
  • Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed

Evidence notes

The CVE record was published on 2026-07-09T21:16:55.163Z and has not been modified since then. The NVD entry is currently Received. The vulnerability affects MX series FPCs up to and including MPC9, but does not affect MPC10/11, LC4800/9600, and MX304. Evidence is limited to the official CVE record and NVD entry, and defenders should verify the affected scope and severity with Juniper Networks. The issue is caused by an Unchecked Input for Loop Condition in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series, allowing an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T21:16:55.163Z and has not been modified since then. The NVD entry is currently Received.