CVE-2026-33775

EUVD-2026-21086

09.04.2026, 22:16

A Missing Release of Memory after Effective Lifetime vulnerability in the BroadBand Edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).

If the authentication packet-type option is configured and a received packet does not match that packet type, the memory leak occurs. When all memory 

available to bbe-smgd has been consumed, no new subscribers will be able to login.

The memory utilization of bbe-smgd can be monitored with the following show command:

user@host> show system processes extensive | match bbe-smgd

The below log message can be observed when this limit has been reached:

bbesmgd[<PID>]: %DAEMON-3-SMD_DPROF_RSMON_ERROR: Resource unavailability, Reason: Daemon Heap Memory exhaustion


This issue affects Junos OS on MX Series:
  *  all versions before 22.4R3-S8,
  *  23.2 versions before 23.2R2-S5,
  *  23.4 versions before 23.4R2-S6,
  *  24.2 versions before 24.2R2-S2,
  *  24.4 versions before 24.4R2,
  *  25.2 versions before 25.2R2.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.5 MEDIUM	ADJACENT_NETWORK	LOW	NONE	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-401 - Missing Release of Memory after Effective Lifetime
The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References

https://kb.juniper.net/JSA107821