CVE-2026-33781

{"id": "CVE-2026-33781", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "sirt@juniper.net", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "sirt@juniper.net", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.1, "Automatable": "YES", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-04-09T22:16:27.193", "references": [{"url": "https://kb.juniper.net/JSA107869", "tags": ["Mitigation", "Vendor Advisory"], "source": "sirt@juniper.net"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "sirt@juniper.net", "description": [{"lang": "en", "value": "CWE-754"}]}], "descriptions": [{"lang": "en", "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX and QFX Series devices allow an unauthenticated, adjacent attacker to cause a complete Denial of Service (DoS).\n\nOn EX4k, and QFX5k platforms configured as service-provider edge devices, if L2PT is enabled on the UNI and VSTP is enabled on NNI in VXLAN scenarios, receiving VSTP BPDUs on UNI leads to packet buffer allocation failures, resulting in the device to not pass traffic anymore until it is manually recovered with a restart.This issue affects Junos OS:\n\n\n\n * 24.4 releases before 24.4R2,\n * 25.2 releases before 25.2R1-S1, 25.2R2.\n\n\n\n\nThis issue does not affect Junos OS releases before 24.4R1."}], "lastModified": "2026-04-17T17:53:32.403", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:24.4:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C452BDCB-34E3-42D3-8909-2312356EB70A"}, {"criteria": "cpe:2.3:o:juniper:junos:24.4:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B8158F2-2028-40E9-955F-CFD581A32F60"}, {"criteria": "cpe:2.3:o:juniper:junos:24.4:r1-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A7233A1-EC7A-4458-9AE1-835480A03A21"}, {"criteria": "cpe:2.3:o:juniper:junos:24.4:r1-s3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D74087E2-5CAA-4085-8408-EB70EC1D5D91"}, {"criteria": "cpe:2.3:o:juniper:junos:25.2:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B7572BB-9C77-4214-9C5F-CC83C7B93E37"}, {"criteria": "cpe:2.3:o:juniper:junos:25.2:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAADBF98-38BE-40E2-AF1B-9077DCED0809"}, {"criteria": "cpe:2.3:o:juniper:junos:25.2:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C7B9DEB-7472-4010-8717-8050555C2FAD"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:juniper:ex4000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "152FD759-F5D2-4ACE-ADD6-7FE89B31D961"}, {"criteria": "cpe:2.3:h:juniper:ex4100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C2521C83-E8F2-4621-9727-75BB3FC11E64"}, {"criteria": "cpe:2.3:h:juniper:ex4100-f:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6F496D19-D28C-4517-90A3-90EC62BC5D79"}, {"criteria": "cpe:2.3:h:juniper:ex4100-h:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7DA4A8C7-EBC0-449E-BD37-69FABDC917C2"}, {"criteria": "cpe:2.3:h:juniper:ex4300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E594D6DC-87F6-40D2-8268-ED6021462168"}, {"criteria": "cpe:2.3:h:juniper:ex4400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4B43F6CB-0595-4957-8B3B-ADD4EA84D8C2"}, {"criteria": "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D1BB20B5-EA30-4E8E-9055-2E629648436A"}, {"criteria": "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2B425BB1-3C78-42B1-A6C1-216E514191F0"}, {"criteria": "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "79A8847B-4F98-4949-8639-5CD2B411D10F"}, {"criteria": "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "09EBDE4B-764F-4DF1-844A-BB8A52CD53EF"}, {"criteria": "cpe:2.3:h:juniper:qfx5130:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AB58A6E9-FFCF-4331-AC3B-45C37BD1943E"}, {"criteria": "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EDC5478F-A047-4F6D-BB11-0077A74C0174"}, {"criteria": "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D877320D-1997-4B66-B11B-864020C755E1"}, {"criteria": "cpe:2.3:h:juniper:qfx5220:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D193BEBD-9436-468D-B89E-D5720603451D"}, {"criteria": "cpe:2.3:h:juniper:qfx5230-64cd:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9F3D09BE-C16F-4E77-B6FB-C0C58BBD7675"}, {"criteria": "cpe:2.3:h:juniper:qfx5240:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9ABF8F9D-45C1-4554-A213-435A68709FCB"}, {"criteria": "cpe:2.3:h:juniper:qfx5241:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "685120A6-7005-4ECB-A37F-0F225BB92676"}, {"criteria": "cpe:2.3:h:juniper:qfx5700:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C7D6C74F-E85F-4D62-BDAF-FE619B467C76"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "sirt@juniper.net"}