CVE-2026-33773
Received Received - Intake
Incorrect Initialization in Juniper Junos PFE Causes Traffic Integrity Impact

Publication date: 2026-04-09

Last updated on: 2026-04-17

Assigner: Juniper Networks, Inc.

Description
An Incorrect Initialization of Resource vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX Series and QFX Series device allows an unauthenticated, network-based attacker to cause an integrity impact to downstream networks. When the same family inet or inet6 filter is applied on an IRB interface and on a physical interface as egress filter on EX4100, EX4400, EX4650 and QFX5120 devices, only one of the two filters will be applied, which can lead to traffic being sent out one of these interfaces which should have been blocked. This issue affects Junos OS on EX Series and QFX Series: * 23.4 version 23.4R2-S6, * 24.2 version 24.2R2-S3. No other Junos OS versions are affected.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-09
Last Modified
2026-04-17
Generated
2026-06-16
AI Q&A
2026-04-10
EPSS Evaluated
2026-06-15
NVD
CVE-2026-33773
EUVD
EUVD-2026-21085
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
juniper junos 23.4
juniper junos 24.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an Incorrect Initialization of Resource issue in the packet forwarding engine (pfe) of Juniper Networks Junos OS on certain EX Series and QFX Series devices.

Specifically, when the same family inet or inet6 filter is applied both on an IRB interface and on a physical interface as an egress filter on EX4100, EX4400, EX4650, and QFX5120 devices, only one of the two filters will be applied.

This can cause traffic to be sent out through one of these interfaces that should have been blocked, allowing an unauthenticated, network-based attacker to cause an integrity impact to downstream networks.

Impact Analysis

The vulnerability can impact you by allowing unauthorized network traffic to pass through interfaces where it should have been blocked.

This leads to an integrity impact on downstream networks, meaning that the expected filtering and control of network traffic is compromised.

An unauthenticated attacker could exploit this to send malicious or unauthorized traffic, potentially disrupting network operations or bypassing security controls.

Compliance Impact

This vulnerability allows an unauthenticated, network-based attacker to cause an integrity impact to downstream networks by bypassing intended traffic filtering on certain Juniper Networks devices. Such integrity impacts could potentially lead to unauthorized data flows or exposure.

However, the provided information does not explicitly describe how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-33773. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart