Platform
juniper
Component
junos
Fixed in
21.2R3-S8-EVO
21.4R3-S7-EVO
22.2R3-S4-EVO
22.3R3-S3-EVO
22.4R3-S2-EVO
23.2R2-EVO
CVE-2026-33788 describes a Missing Authentication for Critical Function vulnerability within the Flexible PIC Concentrators (FPCs) of Juniper Networks Junos OS Evolved on PTX Series devices. This flaw allows a local, authenticated attacker with low privileges to escalate to high privileges and gain direct access to the FPCs. The vulnerability impacts versions prior to 21.2R3-S8-EVO and is addressed in version 23.2R2-EVO.
The impact of CVE-2026-33788 is significant due to the potential for complete compromise of the affected FPC. An attacker who can exploit this vulnerability can bypass authentication controls and directly access the FPC, effectively gaining root-level access. This could allow them to modify system configurations, steal sensitive data stored on the FPC, or even pivot to other parts of the network. The ability to directly access the FPC represents a substantial escalation of privileges, making it a high-risk vulnerability. Successful exploitation could lead to denial of service, data breaches, and potentially complete network takeover.
CVE-2026-33788 was publicly disclosed on April 9, 2026. Its inclusion in the CISA KEV catalog (KEV) status is currently unknown. Public proof-of-concept (POC) code is not yet available, but the vulnerability's nature suggests a relatively high likelihood of exploitation once a POC is released. Given the ease of local access required for exploitation, it presents a significant risk for organizations with physical access to their Juniper devices.
Exploit Status
EPSS
0.02% (3% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-33788 is to upgrade Juniper Junos OS Evolved to version 23.2R2-EVO or later. Prior to upgrading, it's crucial to review the release notes for any potential compatibility issues or breaking changes. If an immediate upgrade is not feasible, consider implementing network segmentation to limit the potential blast radius of a successful attack. While a direct workaround isn't available, restricting access to the FPCs and implementing strict authentication policies can reduce the attack surface. After upgrading, confirm the fix by attempting to access the FPC with a low-privilege user account and verifying that access is denied.
Update Junos OS Evolved on devices PTX10004, PTX10008, PTX100016 with JNP10K-LC1201 or JNP10K-LC1202 to version 21.2R3-S8-EVO or later, 21.4R3-S7-EVO or later, 22.2R3-S4-EVO or later, 22.3R3-S3-EVO or later, 22.4R3-S2-EVO or later, or 23.2R2-EVO or later to mitigate the vulnerability.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-33788 is a HIGH severity vulnerability in Juniper Junos OS Evolved allowing a local, authenticated attacker to gain direct access to FPCs, potentially leading to full component compromise.
You are affected if you are running Junos OS Evolved on PTX Series devices (PTX10004, PTX10008, PTX100016) with JNP10K-LC1201 or JNP10K-LC1202 versions before 21.2R3-S8-EVO.
Upgrade to Juniper Junos OS Evolved version 23.2R2-EVO or later. Review release notes before upgrading to avoid compatibility issues.
While no active exploitation has been confirmed, the vulnerability's nature suggests a high likelihood of exploitation once a proof-of-concept is released.
Refer to the official Juniper Security Advisory for details: [https://www.juniper.net/us/en/support/security/advisories/CVE-2026-33788/]
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.