PatchSiren cyber security CVE debrief
CVE-2026-33801 Juniper Networks CVE debrief
CVE-2026-33801 is an Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Networks Junos OS and Junos OS Evolved. An adjacent, unauthenticated attacker can send a specific BGP update to cause a Denial-of-Service (DoS). Upon receipt of a malformed non-inet/inet6 unicast BGP update, an RPD crash and restart is triggered, causing a complete service outage until routing has reconverged. The vulnerability affects Junos OS versions 25.2 before 25.2R2 and Junos OS Evolved versions 25.2 before 25.2R2-EVO.
- Vendor
- Juniper Networks
- Product
- Junos OS
- CVSS
- HIGH 7.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-09
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-09
- Advisory updated
- 2026-07-10
Who should care
Users of Juniper Networks Junos OS and Junos OS Evolved, particularly those using versions 25.2 before 25.2R2, should be aware of this vulnerability and take steps to mitigate it. This includes operators, platform administrators, vulnerability management teams, and security teams who need to assess and address the potential impact on their systems.
Technical summary
The vulnerability exists in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved. An adjacent, unauthenticated attacker sending a specific BGP update over an established BGP session can cause a Denial-of-Service (DoS). The RPD crash occurs before the update can be readvertised, so there is no downstream propagation. This issue affects Junos OS versions 25.2 before 25.2R2 and Junos OS Evolved versions 25.2 before 25.2R2-EVO.
Defensive priority
High priority should be given to updating affected systems, as the vulnerability has a high CVSS score of 7.1 and can cause a complete service outage.
Recommended defensive actions
- Update to Junos OS version 25.2R2 or later
- Update to Junos OS Evolved version 25.2R2-EVO or later
- Restrict BGP updates to only trusted sources
- Monitor RPD for crashes and restarts
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-07-09T21:16:55.330Z and was last modified on 2026-07-10T14:16:53.163Z. The NVD entry is currently Received. The vulnerability affects Juniper Networks Junos OS and Junos OS Evolved, particularly versions 25.2 before 25.2R2. There is no information on known or unknown affected scope beyond the provided details.
Official resources
-
CVE-2026-33801 CVE record
CVE.org
-
CVE-2026-33801 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T21:16:55.330Z and has not been modified since then. The NVD entry is currently Received.