Platform
juniper
Component
juniper-ctp-os
Fixed in
9.2.1
CVE-2026-33771 describes a Weak Password Requirements vulnerability within the password management function of Juniper Networks CTP OS. An unauthenticated, network-based attacker could exploit this flaw to bypass intended password complexity settings and potentially gain full control of the device. This vulnerability impacts versions 9.2R1 through 9.2R2, and a fix is currently available from Juniper Networks.
The primary impact of CVE-2026-33771 is the potential for unauthorized access and control of Juniper CTP OS devices. Attackers can exploit the lack of enforced password complexity to guess or crack weak passwords, granting them administrative privileges. Successful exploitation could lead to data breaches, configuration changes, denial of service, and even complete compromise of the affected network segment. This vulnerability presents a significant risk, particularly in environments where CTP OS devices manage critical network infrastructure, as an attacker could leverage compromised devices for lateral movement and further attacks.
CVE-2026-33771 was publicly disclosed on 2026-04-09. Its inclusion in the CISA KEV catalog is pending. Currently, no public proof-of-concept (POC) exploits are known, but the vulnerability's nature makes it likely that exploits will emerge. The CVSS score of 7.4 (HIGH) indicates a significant risk, and organizations should prioritize remediation.
Exploit Status
EPSS
0.05% (14% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-33771 is to upgrade to a patched version of Juniper Networks CTP OS as soon as it becomes available. Until the upgrade can be performed, implement temporary workarounds to reduce the risk. This includes enforcing strong password policies through external authentication mechanisms (e.g., RADIUS, TACACS+), limiting network access to CTP OS devices, and implementing Web Application Firewall (WAF) rules to detect and block suspicious password-related requests. Regularly review and audit password policies and user accounts to identify and remediate any potential vulnerabilities. After upgrade, confirm by attempting to set password requirements and verifying they are correctly saved and enforced.
Apply the security updates provided by Juniper Networks for CTP OS. See security advisory JSA107864 on the Juniper website for more details on fixed versions and mitigation steps.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-33771 is a HIGH severity vulnerability in Juniper CTP OS versions 9.2R1–9.2R2 that allows attackers to bypass weak password requirements and potentially gain full device control.
If you are running Juniper CTP OS versions 9.2R1 or 9.2R2, you are potentially affected. Check your current version and apply the vendor patch as soon as possible.
Upgrade to a patched version of Juniper CTP OS. Until then, enforce strong password policies and implement WAF rules to mitigate the risk.
While no public exploits are currently known, the vulnerability's nature suggests exploitation is likely. Monitor your systems and apply the patch proactively.
Refer to the Juniper Security Advisories page for the latest information and security updates related to CVE-2026-33771.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.