CVE-2026-33797

Summary

An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP packet in an already established BGP session to reset only that session causing a Denial of Service (DoS).

An attacker repeatedly sending the packet will sustain the Denial of Service (DoS).This issue affects Junos OS:

  • 25.2 versions before 25.2R2

This issue does not affect Junos OS versions before 25.2R1.

This issue affects Junos OS Evolved:

  • 25.2-EVO versions before 25.2R2-EVO

This issue does not affect Junos OS Evolved versions before 25.2R1-EVO.

eBGP and iBGP are affected. IPv4 and IPv6 are affected.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OS25.2 < 25.2R2affected
Juniper NetworksJunos OS0 < 25.2R1unaffected
Juniper NetworksJunos OS Evolved25.2 < 25.2R2-EVOaffected
Juniper NetworksJunos OS Evolved0 < 25.2R1-EVOunaffected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

Workarounds

There are no known workarounds for this issue.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References