CVE-2026-33783

EUVD-2026-21201

09.04.2026, 22:16

A Function Call With Incorrect Argument Type vulnerability in the sensor interface of Juniper Networks Junos OS Evolved on PTX Series allows a network-based, authenticated attacker with low privileges to cause a complete Denial of Service (DoS).


If colored SRTE policy tunnels are provisioned via PCEP, and gRPC is used to monitor traffic in these tunnels, evo-aftmand crashes and doesn't restart which leads to a complete and persistent service impact. The system has to be manually restarted to recover. The issue is seen only when the Originator ASN field in PCEP contains a value larger than 65,535 (32-bit ASN). The issue is not reproducible when SRTE policy tunnels are statically configured.


This issue affects Junos OS Evolved on PTX Series: 



  *  all versions before 22.4R3-S9-EVO,
  *  23.2 versions before 23.2R2-S6-EVO,
  *  23.4 versions before 23.4R2-S7-EVO,
  *  24.2 versions before 24.2R2-S4-EVO,
  *  24.4 versions before 24.4R2-S2-EVO,
  *  25.2 versions before 25.2R1-S2-EVO, 25.2R2-EVO.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 19%

Affected Products (NVD)

Vendor	Product	Version
juniper	junos_os_evolved	𝑥 < 22.4
juniper	junos_os_evolved	22.4
juniper	junos_os_evolved	22.4:r1
juniper	junos_os_evolved	22.4:r1-s1
juniper	junos_os_evolved	22.4:r1-s2
juniper	junos_os_evolved	22.4:r2
juniper	junos_os_evolved	22.4:r2-s1
juniper	junos_os_evolved	22.4:r2-s2
juniper	junos_os_evolved	22.4:r3
juniper	junos_os_evolved	22.4:r3-s1
juniper	junos_os_evolved	22.4:r3-s2
juniper	junos_os_evolved	22.4:r3-s3
juniper	junos_os_evolved	22.4:r3-s4
juniper	junos_os_evolved	22.4:r3-s5
juniper	junos_os_evolved	22.4:r3-s6
juniper	junos_os_evolved	22.4:r3-s7
juniper	junos_os_evolved	23.2
juniper	junos_os_evolved	23.2:r1
juniper	junos_os_evolved	23.2:r1-s1
juniper	junos_os_evolved	23.2:r1-s2
juniper	junos_os_evolved	23.2:r2
juniper	junos_os_evolved	23.2:r2-s1
juniper	junos_os_evolved	23.2:r2-s2
juniper	junos_os_evolved	23.2:r2-s3
juniper	junos_os_evolved	23.2:r2-s4
juniper	junos_os_evolved	23.2:r2-s5
juniper	junos_os_evolved	23.4
juniper	junos_os_evolved	23.4:r1
juniper	junos_os_evolved	23.4:r1-s1
juniper	junos_os_evolved	23.4:r1-s2
juniper	junos_os_evolved	23.4:r2
juniper	junos_os_evolved	23.4:r2-s1
juniper	junos_os_evolved	23.4:r2-s2
juniper	junos_os_evolved	23.4:r2-s3
juniper	junos_os_evolved	23.4:r2-s4
juniper	junos_os_evolved	23.4:r2-s5
juniper	junos_os_evolved	23.4:r2-s6
juniper	junos_os_evolved	24.2
juniper	junos_os_evolved	24.2:r1
juniper	junos_os_evolved	24.2:r1-s2
juniper	junos_os_evolved	24.2:r2
juniper	junos_os_evolved	24.2:r2-s1
juniper	junos_os_evolved	24.2:r2-s2
juniper	junos_os_evolved	24.2:r2-s3
juniper	junos_os_evolved	24.4
juniper	junos_os_evolved	24.4:r1
juniper	junos_os_evolved	24.4:r1-s2
juniper	junos_os_evolved	24.4:r1-s3
juniper	junos_os_evolved	24.4:r2
juniper	junos_os_evolved	24.4:r2-s1
juniper	junos_os_evolved	25.2
juniper	junos_os_evolved	25.2:r1
juniper	junos_os_evolved	25.2:r1-s1
juniper	junos_os_evolved	25.2:r2

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-686 - Function Call With Incorrect Argument Type
The software calls a function, procedure, or routine, but the caller specifies an argument that is the wrong data type, which may lead to resultant weaknesses.

References

https://kb.juniper.net/JSA107870