CVE-2026-33776

MEDIUM EPSS 0.7%

Published Apr 9, 20262mo ago · Modified Jun 17, 20261w ago

6.8 CVSS 4.0

Medium

Published Apr 9, 2026 2mo ago

Last Modified Jun 17, 2026 1w ago

Description

A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user with low privileges to read sensitive information. A local user with low privileges can execute the CLI command 'show mgd' with specific arguments which will expose sensitive information. This issue affects Junos OS: * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S6, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S4, * 24.4 versions before 24.4R2-S1, * 25.2 version before 25.2R1-S2, 25.2R2; Junos OS Evolved: * all versions before 23.2R2-S6-EVO, * 23.4 version before 23.4R2-S6-EVO, * 24.2 version before 24.2R2-S4-EVO, * 24.4 versions before 24.4R2-S1-EVO, * 25.2 versions before 25.2R2-EVO.

CVSS Details

Base Score

6.8

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X

Attack Vector Local

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

0.7% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-862 Missing Authorization Authorization

Affected Products 90

Vendor	Product	Version	Range
juniper	junos	*	<22.4
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	24.2	any
juniper	junos	24.2	any
juniper	junos	24.2	any
juniper	junos	24.2	any
juniper	junos	24.2	any
juniper	junos	24.2	any
juniper	junos	24.2	any
juniper	junos	24.2	any
juniper	junos	24.4	any
juniper	junos	24.4	any
juniper	junos	24.4	any
juniper	junos	24.4	any
juniper	junos	24.4	any
juniper	junos	25.2	any
juniper	junos	25.2	any
juniper	junos	25.2	any
juniper	junos	25.2	any
juniper	junos_os_evolved	*	<23.2
juniper	junos_os_evolved	23.2	any
juniper	junos_os_evolved	23.2	any
juniper	junos_os_evolved	23.2	any
juniper	junos_os_evolved	23.2	any
juniper	junos_os_evolved	23.2	any
juniper	junos_os_evolved	23.2	any
juniper	junos_os_evolved	23.2	any
juniper	junos_os_evolved	23.2	any
juniper	junos_os_evolved	23.2	any
juniper	junos_os_evolved	23.2	any
juniper	junos_os_evolved	23.4	any
juniper	junos_os_evolved	23.4	any
juniper	junos_os_evolved	23.4	any
juniper	junos_os_evolved	23.4	any
juniper	junos_os_evolved	23.4	any
juniper	junos_os_evolved	23.4	any
juniper	junos_os_evolved	23.4	any
juniper	junos_os_evolved	23.4	any
juniper	junos_os_evolved	23.4	any
juniper	junos_os_evolved	23.4	any
juniper	junos_os_evolved	24.2	any
juniper	junos_os_evolved	24.2	any
juniper	junos_os_evolved	24.2	any
juniper	junos_os_evolved	24.2	any
juniper	junos_os_evolved	24.2	any
juniper	junos_os_evolved	24.2	any
juniper	junos_os_evolved	24.2	any
juniper	junos_os_evolved	24.4	any
juniper	junos_os_evolved	24.4	any
juniper	junos_os_evolved	24.4	any
juniper	junos_os_evolved	24.4	any
juniper	junos_os_evolved	24.4	any
juniper	junos_os_evolved	25.2	any
juniper	junos_os_evolved	25.2	any
juniper	junos_os_evolved	25.2	any
juniper	junos_os_evolved	25.2	any

References 1

kb.juniper.net https://kb.juniper.net/JSA107866

MitigationVendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.