An Incorrect Initialization of Resource vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX Series and QFX Series device allows an unauthenticated, network-based attacker to cause an integrity impact to downstream networks.
When the same family inet or inet6 filter is applied on an IRB interface and on a physical interface as egress filter on EX4100, EX4400, EX4650 and QFX5120 devices, only one of the two filters will be applied, which can lead to traffic being sent out one of these interfaces which should have been blocked.
This issue affects Junos OS on EX Series and QFX Series:
* 23.4 version 23.4R2-S6,
* 24.2 version 24.2R2-S3.
No other Junos OS versions are affected.
References
| Link | Resource |
|---|---|
| https://kb.juniper.net/JSA107815 | Mitigation Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
17 Apr 2026, 17:56
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:h:juniper:qfx10016:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:qfx10008:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:24.2:r2-s3:*:*:*:*:*:* cpe:2.3:h:juniper:qfx5241:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4100-f:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:qfx5240:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4400:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex9214:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4000:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:qfx5220:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex9208:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4100:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:qfx5700:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4300:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:qfx5130:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:qfx5230-64cd:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4100-h:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex9204:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.4:r2-s6:*:*:*:*:*:* |
|
| CWE | NVD-CWE-Other | |
| First Time |
Juniper qfx10008
Juniper qfx5700 Juniper ex4100-h Juniper ex4650 Juniper ex2300 Juniper Juniper qfx5120 Juniper qfx5210 Juniper ex4100 Juniper ex9214 Juniper ex9204 Juniper qfx5241 Juniper junos Juniper ex3400 Juniper qfx5240 Juniper qfx10016 Juniper ex4100-f Juniper qfx5200 Juniper ex4000 Juniper qfx5230-64cd Juniper ex2300-c Juniper ex9208 Juniper ex4300 Juniper qfx5220 Juniper ex4400 Juniper qfx5130 Juniper qfx5110 Juniper ex4600 |
|
| References | () https://kb.juniper.net/JSA107815 - Mitigation, Vendor Advisory |
09 Apr 2026, 22:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-04-09 22:16
Updated : 2026-04-17 17:56
NVD link : CVE-2026-33773
Mitre link : CVE-2026-33773
CVE.ORG link : CVE-2026-33773
JSON object : View
Products Affected
juniper
- ex9214
- qfx5130
- ex4300
- qfx10008
- qfx10016
- ex9208
- ex4400
- ex4650
- qfx5230-64cd
- ex4600
- qfx5200
- junos
- ex2300-c
- ex4100
- ex2300
- qfx5241
- ex9204
- qfx5240
- qfx5120
- qfx5110
- qfx5220
- ex4100-f
- ex4000
- qfx5700
- ex3400
- qfx5210
- ex4100-h
CWE