Platform
juniper
Component
juniper-netconf
Fixed in
22.4R3-S8
23.2R2-S6
23.4R2-S6
24.2R2-S4
24.4R2-S1
25.2R1-S2, 25.2R2
23.2R2-S6-EVO
23.4R2-S6-EVO
24.2R2-S4-EVO
24.4R2-S1-EVO
25.2R2-EVO
CVE-2026-33776 is a Missing Authorization vulnerability in the Command Line Interface (CLI) of Juniper Networks Junos OS and Junos OS Evolved. A local user with low privileges can read sensitive information by running the 'show mgd' command, which the CLI should refuse for that privilege level. Junos OS is affected in all versions prior to 22.4R3-S8, 23.2 versions prior to 23.2R2-S6, 23.4 versions prior to 23.4R2-S6, 24.2 versions prior to 24.2R2-S4, 24.4 versions prior to 24.4R2-S1, and 25.2 versions prior to 25.2R1-S2 (25.2R2 is also fixed). Junos OS Evolved is fixed in 23.2R2-S6-EVO, 23.4R2-S6-EVO, 24.2R2-S4-EVO, 24.4R2-S1-EVO and 25.2R2-EVO.
The impact is unauthorized disclosure of sensitive information to a local user who already holds a low-privilege login on the device. The advisory does not say what 'show mgd' exposes, so plan for the worst case: mgd is the management daemon that owns the configuration and the CLI, and a read-only operator account should be assumed sufficient to obtain whatever the command prints. Exploitation needs an authenticated session (console, SSH or NETCONF), so the realistic attacker is a compromised or malicious operator account rather than a remote party. The blast radius is the device itself, but whatever is disclosed may aid further attacks on the device or on the rest of the network.
CVE-2026-33776 was publicly disclosed on 2026-04-09. At the time of writing it is not known whether it has been added to the CISA Known Exploited Vulnerabilities (KEV) catalog, no public proof-of-concept code is known, and there are no reports of exploitation. Because the bug requires an authenticated local session, the practical risk is insider misuse or an already-compromised operator account rather than remote attack, and the low EPSS score reflects that. The NVD entry was still pending when this page was written.
Exploit Status
EPSS
0.01% (2nd percentile)
CISA SSVC
CVSS Vector
The primary mitigation is to upgrade to a fixed release: 22.4R3-S8, 23.2R2-S6, 23.4R2-S6, 24.2R2-S4, 24.4R2-S1, 25.2R1-S2 or 25.2R2 for Junos OS, and 23.2R2-S6-EVO, 23.4R2-S6-EVO, 24.2R2-S4-EVO, 24.4R2-S1-EVO or 25.2R2-EVO for Junos OS Evolved. Until the upgrade, reduce exposure at the authorization layer the bug bypasses: put low-privilege accounts in a custom login class whose deny-commands expression rejects 'show mgd' (and that does not permit shell access), audit who holds CLI, NETCONF and console access, and enable logging of interactive-commands to syslog so every CLI command, including 'show mgd', is recorded and can be alerted on. A WAF or network filter does not apply, since the command runs inside an already-authenticated CLI session. After upgrading, verify the fix by logging in with a low-privilege test account and running 'show mgd'; the command should be refused.
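The monitoring step above is easiest to act on once the interactive-commands log is fed to a script. The following is an added example, not code from this page or from Juniper: it parses UI_CMDLINE_READ_LINE syslog lines, which mgd emits when interactive-commands logging is enabled, and reports every 'show mgd' invocation by a user outside an allowlist. The log records the command line as typed and the Junos CLI accepts unique prefixes, so the matcher also accepts 'sh mgd' and 'sho mgd'. The hostnames, users, timestamps and commands in SAMPLE_LOG are constructed for the example.

```python
import re
from typing import Dict, FrozenSet, List

# Constructed sample lines in the UI_CMDLINE_READ_LINE format that mgd writes to syslog
# when interactive-commands logging is on; hosts, users, times and commands are invented.
SAMPLE_LOG = """\
Apr 10 09:12:01 edge1 mgd[4521]: UI_CMDLINE_READ_LINE: User 'netadmin', command 'show version '
Apr 10 09:12:44 edge1 mgd[4521]: UI_CMDLINE_READ_LINE: User 'ops-ro', command 'show interfaces terse '
Apr 10 09:13:02 edge1 mgd[4521]: UI_CMDLINE_READ_LINE: User 'ops-ro', command 'show mgd '
Apr 10 09:13:15 edge1 mgd[4521]: UI_CMDLINE_READ_LINE: User 'ops-ro', command 'sh mgd | no-more '
Apr 10 09:14:30 edge2 mgd[3310]: UI_CMDLINE_READ_LINE: User 'netadmin', command 'show mgd '
Apr 10 09:15:02 edge2 mgd[3310]: UI_CMDLINE_READ_LINE: User 'ops-ro', command 'show system processes extensive | match mgd '
"""

# Syslog prefix, then the mgd message with the user and the command line as typed.
_LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+(?P<host>\S+)\s+mgd\[\d+\]:\s+"
    r"UI_CMDLINE_READ_LINE:\s+User '(?P<user>[^']+)', command '(?P<cmd>[^']*)'"
)

# 'show mgd' and its CLI abbreviations, followed by whitespace, a pipe or end of line,
# so that other commands merely mentioning mgd (e.g. '| match mgd') are not flagged.
_SHOW_MGD_RE = re.compile(r"^\s*sh(?:o|ow)?\s+mgd(?:\s|$|\|)")


def find_show_mgd(log_text: str, allowed_users: FrozenSet[str] = frozenset()) -> List[Dict[str, str]]:
    """Return one record per 'show mgd' invocation by a user not in allowed_users."""
    hits: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        m = _LINE_RE.match(line)
        if not m:
            continue  # not an interactive-command record
        if not _SHOW_MGD_RE.match(m["cmd"]):
            continue
        if m["user"] in allowed_users:
            continue  # expected administrative use
        hits.append({"ts": m["ts"], "host": m["host"], "user": m["user"], "cmd": m["cmd"].strip()})
    return hits


if __name__ == "__main__":
    # Treat 'netadmin' as the account that is expected to run the command; everything else is a finding.
    for hit in find_show_mgd(SAMPLE_LOG, frozenset({"netadmin"})):
        print(f"{hit['ts']} {hit['host']}: user {hit['user']!r} ran {hit['cmd']!r}")
```

Feed it the syslog file that receives interactive-commands (or the same lines from a central collector) and alert on any non-empty result; the allowlist should contain only the accounts that are supposed to hold super-user rights on the device.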
Update your Junos OS or Junos OS Evolved system to a patched version (22.4R3-S8 or later, 23.2R2-S6 or later, 23.4R2-S6 or later, 24.2R2-S4 or later, 24.4R2-S1 or later, 25.2R1-S2 or 25.2R2 or later, or the corresponding EVO versions) to mitigate the vulnerability. Review Juniper Networks documentation for detailed upgrade instructions.
CVE-2026-33776 is a vulnerability in Juniper Junos OS and Junos OS Evolved that allows a local user to read sensitive information via the 'show mgd' CLI command. It is rated MEDIUM severity (CVSS 5.5).
You are affected if you are running Junos OS versions prior to 22.4R3-S8, 23.2 versions before 23.2R2-S6, 23.4 versions before 23.4R2-S6, 24.2 versions before 24.2R2-S4, 24.4 versions before 24.4R2-S1, or 25.2 versions before 25.2R1-S2 (25.2R2 is fixed). On Junos OS Evolved you are affected if you run a 23.2, 23.4, 24.2, 24.4 or 25.2 release below the corresponding -EVO fixed release listed above.
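Checking a fleet against those ranges by hand is error-prone, because a Junos version string carries a train, a release number, an optional service release and an optional build number that all take part in the comparison. The following is an added example, not code from this page or from Juniper: it parses version strings of the form major.minorR<release>[-S<service>][.<build>][-EVO] and decides, from the advisory's "Fixed in" list, whether a given release is affected. Trains the advisory does not name (for example 23.1 or 24.1) are reported as None rather than guessed; the fixed-release tables are the only input and are taken from the page.

```python
import re
from typing import Optional, Tuple

# First fixed release per train, from the advisory's "Fixed in" list.
# 25.2 has two fixed Junos OS releases (25.2R1-S2 and 25.2R2); the lower one is
# the threshold, since 25.2R2 compares higher than it anyway.
JUNOS_FIXED = {
    (22, 4): "22.4R3-S8",
    (23, 2): "23.2R2-S6",
    (23, 4): "23.4R2-S6",
    (24, 2): "24.2R2-S4",
    (24, 4): "24.4R2-S1",
    (25, 2): "25.2R1-S2",
}
EVO_FIXED = {
    (23, 2): "23.2R2-S6-EVO",
    (23, 4): "23.4R2-S6-EVO",
    (24, 2): "24.2R2-S4-EVO",
    (24, 4): "24.4R2-S1-EVO",
    (25, 2): "25.2R2-EVO",
}

# major.minor R release [-S service] [.build] [-EVO], e.g. 22.4R3-S7.3 or 24.4R1-EVO
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.(\d+))?(-EVO)?$")


def parse_version(text: str) -> Tuple[Tuple[int, int, int, int, int], bool]:
    """Return ((major, minor, release, service, build), is_evo) for a Junos version string."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a Junos version string: {text!r}")
    major, minor, rel, svc, build, evo = m.groups()
    # Missing service or build numbers compare as 0, so 23.2R2 sorts below 23.2R2-S1.
    key = (int(major), int(minor), int(rel), int(svc or 0), int(build or 0))
    return key, evo is not None


def is_affected(version: str) -> Optional[bool]:
    """True if affected, False if at or above the fixed release for its train,
    None if the advisory says nothing about that train (check with the vendor)."""
    key, evo = parse_version(version)
    train = key[:2]
    table = EVO_FIXED if evo else JUNOS_FIXED
    if train in table:
        fixed_key, _ = parse_version(table[train])
        return key < fixed_key
    # "all versions prior to 22.4R3-S8" takes in every older Junos OS train.
    if not evo and train < (22, 4):
        return True
    return None


if __name__ == "__main__":
    # Constructed sample of what 'show version' might report across a fleet.
    for v in ["21.4R3-S9", "22.4R3-S7.3", "22.4R3-S8", "23.4R2-S5.2", "25.2R1-S1", "25.2R2",
              "24.4R1-EVO", "24.4R2-S1-EVO", "23.1R1"]:
        print(f"{v:16} affected={is_affected(v)}")
```

Run it over the output of 'show version' collected from each device; a None result means the train is outside what the advisory lists, which for Juniper usually means an end-of-life train that should be treated as unpatched until confirmed otherwise.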
Upgrade to a fixed Junos OS or Junos OS Evolved release from the list above. If an immediate upgrade is not possible, deny 'show mgd' in the login class used by low-privilege accounts, review who has CLI access, and log interactive commands so any use of the command is visible.
There are currently no reports of active exploitation, but the vulnerability is publicly known and could be targeted in the future.
Refer to the Juniper Security Advisory when it is published; check the Juniper Security Bulletins page for updates.