CVE-2026-33776

EUVD-2026-21196

09.04.2026, 22:16

A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user with low privileges to read sensitive information.

A local user with low privileges can execute the CLI command 'show mgd' with specific arguments which will expose sensitive information.

This issue affects

Junos OS:
  *  all versions before 22.4R3-S8,
  *  23.2 versions before 23.2R2-S6,
  *  23.4 versions before 23.4R2-S6,
  *  24.2 versions before 24.2R2-S4,
  *  24.4 versions before 24.4R2-S1,
  *  25.2 version before 25.2R1-S2, 25.2R2;



Junos OS Evolved:
  *  all versions before 23.2R2-S6-EVO,
  *  23.4 version before 23.4R2-S6-EVO,
  *  24.2 version before 24.2R2-S4-EVO,
  *  24.4 versions before 24.4R2-S1-EVO,
  *  25.2 versions before 25.2R2-EVO.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-862 - Missing Authorization
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

Vulnerability Media Exposure

[GERMAN] Juniper: Unter anderem Root-Sicherheitslücken in Junos OS geschlossen
Angreifer können an zahlreichen Schwachstellen im Netzwerkbetriebssystem Junos OS ansetzen. Nun gibt es Sicherheitsupdates.
Published: 2026-04-09T13:44:00+00:00

References

https://kb.juniper.net/JSA107866