PatchSiren cyber security CVE debrief
CVE-2026-33803 Juniper Networks CVE debrief
CVE-2026-33803 Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device. Due to a wrong initialization, a process which should only be able to communicate internally within the device can be reached over the network via an open port.
- Vendor
- Juniper Networks
- Product
- Junos OS Evolved
- CVSS
- MEDIUM 6.9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-09
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-09
- Advisory updated
- 2026-07-10
Who should care
Users of Juniper Networks Junos OS Evolved, specifically those using versions before 23.2R2-S7-EVO, 23.4 versions before 23.4R2-S8-EVO, 24.2 versions before 24.2R2-S5-EVO, 24.4 versions before 24.4R2-S4-EVO, 25.2 versions before 25.2R2-S1-EVO, and 25.4 versions before 25.4R1-S2-EVO, should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability is caused by a wrong initialization of a process in Juniper Networks Junos OS Evolved, allowing an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device. The affected versions are before 23.2R2-S7-EVO, 23.4 versions before 23.4R2-S8-EVO, 24.2 versions before 24.2R2-S5-EVO, 24.4 versions before 24.4R2-S4-EVO, 25.2 versions before 25.2R2-S1-EVO, and 25.4 versions before 25.4R1-S2-EVO.
Defensive priority
Medium priority should be given to patching or mitigating this vulnerability, as it can cause a limited information disclosure and availability impact.
Recommended defensive actions
- Inventory and assess Junos OS Evolved installations for vulnerability
- Apply patches or updates to affected versions
- Implement compensating controls to limit exposure
- Monitor for suspicious activity
- Verify and document remediation efforts
Evidence notes
The CVE record was published on 2026-07-09T22:17:03.807Z and was last modified on 2026-07-10T14:16:53.430Z. The NVD entry is currently Received. The vulnerability has a CVSS score of 6.9 and a severity of MEDIUM.
Official resources
-
CVE-2026-33803 CVE record
CVE.org
-
CVE-2026-33803 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T22:17:03.807Z and has not been modified since then. The NVD entry is currently Received.