PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-33803 Juniper Networks CVE debrief

CVE-2026-33803 Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device. Due to a wrong initialization, a process which should only be able to communicate internally within the device can be reached over the network via an open port.

Vendor
Juniper Networks
Product
Junos OS Evolved
CVSS
MEDIUM 6.9
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-09
Original CVE updated
2026-07-10
Advisory published
2026-07-09
Advisory updated
2026-07-10

Who should care

Users of Juniper Networks Junos OS Evolved, specifically those using versions before 23.2R2-S7-EVO, 23.4 versions before 23.4R2-S8-EVO, 24.2 versions before 24.2R2-S5-EVO, 24.4 versions before 24.4R2-S4-EVO, 25.2 versions before 25.2R2-S1-EVO, and 25.4 versions before 25.4R1-S2-EVO, should be aware of this vulnerability and take necessary actions to mitigate the risk.

Technical summary

The vulnerability is caused by a wrong initialization of a process in Juniper Networks Junos OS Evolved, allowing an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device. The affected versions are before 23.2R2-S7-EVO, 23.4 versions before 23.4R2-S8-EVO, 24.2 versions before 24.2R2-S5-EVO, 24.4 versions before 24.4R2-S4-EVO, 25.2 versions before 25.2R2-S1-EVO, and 25.4 versions before 25.4R1-S2-EVO.

Defensive priority

Medium priority should be given to patching or mitigating this vulnerability, as it can cause a limited information disclosure and availability impact.

Recommended defensive actions

  • Inventory and assess Junos OS Evolved installations for vulnerability
  • Apply patches or updates to affected versions
  • Implement compensating controls to limit exposure
  • Monitor for suspicious activity
  • Verify and document remediation efforts

Evidence notes

The CVE record was published on 2026-07-09T22:17:03.807Z and was last modified on 2026-07-10T14:16:53.430Z. The NVD entry is currently Received. The vulnerability has a CVSS score of 6.9 and a severity of MEDIUM.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T22:17:03.807Z and has not been modified since then. The NVD entry is currently Received.