PatchSiren

Juniper Networks CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL Juniper Networks CVE published 2026-04-09

CVE-2026-33784

CVE-2026-33784 is a Use of Default Password vulnerability in Juniper Networks Virtual Lightweight Collector (vLWC). The vLWC software images ship with an initial password for a high privileged account. A change of this password is not enforced during the provisioning of the software, which can make full access to the system by unauthorized actors possible. This issue affects all versions of vLWC before 3. [truncated]

MEDIUM Juniper Networks CVE published 2026-04-09

CVE-2026-33774

CVE-2026-33774 is an Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on MX Series. This vulnerability allows an unauthenticated, network-based attacker to bypass the configured firewall filter and access the control-plane of the device. The issue arises on MX platforms with specific line cards (MPC10, MPC11, LC4800, or L [truncated]

CRITICAL Juniper Networks CVE published 2026-04-09

CVE-2026-33771

CVE-2026-33771 is a Weak Password Requirements vulnerability in Juniper Networks CTP OS. The password management function does not enforce intended complexity requirements, allowing weak passwords and potentially leading to unauthorized access. This issue affects CTP OS versions 9.2R1 and 9.2R2. The vulnerability can be verified with the 'Show password requirements' menu option. Administrators and securit [truncated]