PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-33801 Juniper Networks CVE debrief

CVE-2026-33801 is an Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Networks Junos OS and Junos OS Evolved. An adjacent, unauthenticated attacker can send a specific BGP update to cause a Denial-of-Service (DoS). Upon receipt of a malformed non-inet/inet6 unicast BGP update, an RPD crash and restart is triggered, causing a complete service outage until routing has reconverged. The vulnerability affects Junos OS versions 25.2 before 25.2R2 and Junos OS Evolved versions 25.2 before 25.2R2-EVO.

Vendor
Juniper Networks
Product
Junos OS
CVSS
HIGH 7.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-09
Original CVE updated
2026-07-10
Advisory published
2026-07-09
Advisory updated
2026-07-10

Who should care

Users of Juniper Networks Junos OS and Junos OS Evolved, particularly those using versions 25.2 before 25.2R2, should be aware of this vulnerability and take steps to mitigate it. This includes operators, platform administrators, vulnerability management teams, and security teams who need to assess and address the potential impact on their systems.

Technical summary

The vulnerability exists in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved. An adjacent, unauthenticated attacker sending a specific BGP update over an established BGP session can cause a Denial-of-Service (DoS). The RPD crash occurs before the update can be readvertised, so there is no downstream propagation. This issue affects Junos OS versions 25.2 before 25.2R2 and Junos OS Evolved versions 25.2 before 25.2R2-EVO.

Defensive priority

High priority should be given to updating affected systems, as the vulnerability has a high CVSS score of 7.1 and can cause a complete service outage.

Recommended defensive actions

  • Update to Junos OS version 25.2R2 or later
  • Update to Junos OS Evolved version 25.2R2-EVO or later
  • Restrict BGP updates to only trusted sources
  • Monitor RPD for crashes and restarts
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-07-09T21:16:55.330Z and was last modified on 2026-07-10T14:16:53.163Z. The NVD entry is currently Received. The vulnerability affects Juniper Networks Junos OS and Junos OS Evolved, particularly versions 25.2 before 25.2R2. There is no information on known or unknown affected scope beyond the provided details.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T21:16:55.330Z and has not been modified since then. The NVD entry is currently Received.