CVE-2026-33793

HIGH EPSS 5.5%

Published Apr 9, 20262mo ago · Modified Jun 17, 20261w ago

8.5 CVSS 4.0

High

Published Apr 9, 2026 2mo ago

Last Modified Jun 17, 2026 1w ago

Description

An Execution with Unnecessary Privileges vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, thus compromising the system. When a configuration that allows unsigned Python op scripts is present on the device, a non-root user is able to execute malicious op scripts as a root-equivalent user, leading to privilege escalation. This issue affects Junos OS: * All versions before 22.4R3-S7, * from 23.2 before 23.2R2-S4, * from 23.4 before 23.4R2-S6, * from 24.2 before 24.2R1-S2, 24.2R2, * from 24.4 before 24.4R1-S2, 24.4R2; Junos OS Evolved: * All versions before 22.4R3-S7-EVO, * from 23.2 before 23.2R2-S4-EVO, * from 23.4 before 23.4R2-S6-EVO, * from 24.2 before 24.2R2-EVO, * from 24.4 before 24.4R1-S1-EVO, 24.4R2-EVO.

CVSS Details

Base Score

8.5

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Amber

Attack Vector Local

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

5.5% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-250

Affected Products 79

Vendor	Product	Version	Range
juniper	junos	*	<22.4
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	22.4	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	24.2	any
juniper	junos	24.2	any
juniper	junos	24.2	any
juniper	junos	24.2	any
juniper	junos	24.4	any
juniper	junos	24.4	any
juniper	junos	24.4	any
juniper	junos_os_evolved	*	<22.4
juniper	junos_os_evolved	22.4	any
juniper	junos_os_evolved	22.4	any
juniper	junos_os_evolved	22.4	any
juniper	junos_os_evolved	22.4	any
juniper	junos_os_evolved	22.4	any
juniper	junos_os_evolved	22.4	any
juniper	junos_os_evolved	22.4	any
juniper	junos_os_evolved	22.4	any
juniper	junos_os_evolved	22.4	any
juniper	junos_os_evolved	22.4	any
juniper	junos_os_evolved	22.4	any
juniper	junos_os_evolved	22.4	any
juniper	junos_os_evolved	22.4	any
juniper	junos_os_evolved	22.4	any
juniper	junos_os_evolved	23.2	any
juniper	junos_os_evolved	23.2	any
juniper	junos_os_evolved	23.2	any
juniper	junos_os_evolved	23.2	any
juniper	junos_os_evolved	23.2	any
juniper	junos_os_evolved	23.2	any
juniper	junos_os_evolved	23.2	any
juniper	junos_os_evolved	23.2	any
juniper	junos_os_evolved	23.4	any
juniper	junos_os_evolved	23.4	any
juniper	junos_os_evolved	23.4	any
juniper	junos_os_evolved	23.4	any
juniper	junos_os_evolved	23.4	any
juniper	junos_os_evolved	23.4	any
juniper	junos_os_evolved	23.4	any
juniper	junos_os_evolved	23.4	any
juniper	junos_os_evolved	23.4	any
juniper	junos_os_evolved	23.4	any
juniper	junos_os_evolved	24.2	any
juniper	junos_os_evolved	24.2	any
juniper	junos_os_evolved	24.2	any
juniper	junos_os_evolved	24.4	any
juniper	junos_os_evolved	24.4	any
juniper	junos_os_evolved	24.4	any

References 1

supportportal.juniper.net https://supportportal.juniper.net/JSA103142

MitigationVendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.