CVE-2026-33773
Incorrect Initialization in Juniper Junos PFE Causes Traffic Integrity Impact
Publication date: 2026-04-09
Last updated on: 2026-04-17
Assigner: Juniper Networks, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| juniper | junos | 23.4 |
| juniper | junos | 24.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Incorrect Initialization of Resource issue in the packet forwarding engine (PFE) of Juniper Networks Junos OS on certain EX Series and QFX Series devices.
Specifically, when the same family inet or inet6 filter is applied both on an IRB interface and on a physical interface as an egress filter on EX4100, EX4400, EX4650, and QFX5120 devices, only one of the two filters will be applied.
This can cause traffic to be sent out through one of these interfaces that should have been blocked, allowing an unauthenticated, network-based attacker to cause an integrity impact to downstream networks.
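As an added example (not from Juniper or from this page), the following Python check scans a configuration exported with `show configuration | display set` for the condition described above: the same family inet or inet6 filter attached as an egress filter on both an IRB unit and another interface. It assumes set-style lines and treats every non-`irb` interface as the physical side; the sample configuration and filter names are constructed.

```python
import re
from collections import defaultdict

# Matches "display set" lines that attach an egress firewall filter, e.g.
#   set interfaces irb unit 100 family inet filter output BLOCK-MGMT
SET_RE = re.compile(
    r"^set interfaces (?P<ifd>\S+) unit (?P<unit>\d+) "
    r"family (?P<family>inet6?) filter output(?:-list)? (?P<filter>\S+)\s*$"
)

def find_shared_egress_filters(config_text):
    """Return {(family, filter): {"irb": [...], "physical": [...]}} for each
    filter used as egress on both an IRB unit and a non-IRB interface."""
    usage = defaultdict(lambda: {"irb": [], "physical": []})
    for line in config_text.splitlines():
        m = SET_RE.match(line.strip())
        if not m:
            continue  # not an egress filter attachment (input filters are ignored)
        # Assumption: anything that is not "irb" counts as the physical side.
        kind = "irb" if m["ifd"] == "irb" else "physical"
        usage[(m["family"], m["filter"])][kind].append(f'{m["ifd"]}.{m["unit"]}')
    # Only filters present on both sides match the condition in the advisory text.
    return {k: v for k, v in usage.items() if v["irb"] and v["physical"]}

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """
set interfaces irb unit 100 family inet filter output BLOCK-MGMT
set interfaces ge-0/0/5 unit 0 family inet filter output BLOCK-MGMT
set interfaces ge-0/0/6 unit 0 family inet filter input BLOCK-MGMT
set interfaces irb unit 200 family inet6 filter output V6-EGRESS
set interfaces xe-0/1/0 unit 0 family inet filter output EDGE-OUT
set interfaces ge-0/0/7 unit 0 family inet6 filter output V6-EGRESS-PHY
"""

if __name__ == "__main__":
    for (family, name), where in find_shared_egress_filters(SAMPLE_CONFIG).items():
        print(f"family {family} filter {name}: "
              f"IRB {where['irb']} and physical {where['physical']}")
```

A hit only shows that the configuration matches the described condition; whether the device is exposed also depends on the platform and Junos release listed above.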
How can this vulnerability impact me?
The vulnerability can impact you by allowing unauthorized network traffic to pass through interfaces where it should have been blocked.
This leads to an integrity impact on downstream networks, meaning that the expected filtering and control of network traffic is compromised.
An unauthenticated attacker could exploit this to send malicious or unauthorized traffic, potentially disrupting network operations or bypassing security controls.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows an unauthenticated, network-based attacker to cause an integrity impact to downstream networks by bypassing intended traffic filtering on certain Juniper Networks devices. Such integrity impacts could potentially lead to unauthorized data flows or exposure.
However, the provided information does not explicitly describe how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.