CVE-2026-33775
Received Received - Intake
Memory Leak in Juniper bbe-smgd Causes Denial of Service

Publication date: 2026-04-09

Last updated on: 2026-04-17

Assigner: Juniper Networks, Inc.

Description
A Missing Release of Memory after Effective Lifetime vulnerability in the BroadBand Edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). If the authentication packet-type option is configured and a received packet does not match that packet type, the memory leak occurs. When all memory available to bbe-smgdΒ has been consumed, no new subscribers will be able to login. The memory utilization of bbe-smgd can be monitored with the following show command: user@host> show system processes extensive | match bbe-smgd The below log message can be observed when this limit has been reached: bbesmgd[<PID>]: %DAEMON-3-SMD_DPROF_RSMON_ERROR: Resource unavailability, Reason: Daemon Heap Memory exhaustion This issue affects Junos OS on MX Series: * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S5, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S2, * 24.4 versions before 24.4R2, * 25.2 versions before 25.2R2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-09
Last Modified
2026-04-17
Generated
2026-06-19
AI Q&A
2026-04-10
EPSS Evaluated
2026-06-18
NVD
CVE-2026-33775
EUVD
EUVD-2026-21086
Affected Vendors & Products
Showing 49 associated CPEs
Vendor Product Version / Range
juniper junos 22.4
juniper junos 22.4
juniper junos 22.4
juniper junos 22.4
juniper junos 23.2
juniper junos 22.4
juniper junos 23.2
juniper junos 22.4
juniper junos 22.4
juniper junos 22.4
juniper junos 23.2
juniper junos 23.2
juniper junos 23.4
juniper junos 23.4
juniper junos 22.4
juniper junos 22.4
juniper junos 23.4
juniper junos 23.2
juniper junos 24.2
juniper junos 24.2
juniper junos 23.4
juniper junos 22.4
juniper junos 22.4
juniper junos 22.4
juniper junos 23.2
juniper junos 23.2
juniper junos 23.4
juniper junos 23.4
juniper junos 23.4
juniper junos 23.4
juniper junos 24.2
juniper junos 24.2
juniper junos to 22.4 (exc)
juniper junos 22.4
juniper junos 22.4
juniper junos 23.2
juniper junos 23.2
juniper junos 23.4
juniper junos 24.2
juniper junos 24.4
juniper junos 24.4
juniper junos 24.4
juniper junos 24.4
juniper junos 24.2
juniper junos 23.4
juniper junos 25.2
juniper junos 25.2
juniper junos 25.2
juniper junos 25.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Missing Release of Memory after Effective Lifetime issue in the BroadBand Edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series devices.

It occurs when the authentication packet-type option is configured and a received packet does not match that packet type, causing a memory leak.

As memory is consumed and not released properly, eventually all available memory for bbe-smgd is exhausted.

When this happens, no new subscribers can log in, resulting in a Denial of Service (DoS).

Impact Analysis

An adjacent, unauthenticated attacker can exploit this vulnerability to cause a Denial of Service (DoS) on Junos OS MX Series devices.

By sending packets that do not match the configured authentication packet-type, the attacker triggers a memory leak in the bbe-smgd daemon.

Once the daemon's memory is exhausted, no new subscribers will be able to log in, potentially disrupting network services and connectivity.

Detection Guidance

The memory utilization of the bbe-smgd daemon can be monitored using the following command:

  • show system processes extensive | match bbe-smgd

Additionally, you can look for the following log message which indicates that the memory limit has been reached:

  • bbesmgd[<PID>]: %DAEMON-3-SMD_DPROF_RSMON_ERROR: Resource unavailability, Reason: Daemon Heap Memory exhaustion
Mitigation Strategies

To mitigate this vulnerability, monitor the memory utilization of the bbe-smgd process using the command: show system processes extensive | match bbe-smgd.

Be alert for the log message indicating memory exhaustion: bbesmgd[<PID>]: %DAEMON-3-SMD_DPROF_RSMON_ERROR: Resource unavailability, Reason: Daemon Heap Memory exhaustion.

Upgrade Junos OS on MX Series to a fixed version that addresses this issue. The affected versions are all versions before 22.4R3-S8, 23.2 versions before 23.2R2-S5, 23.4 versions before 23.4R2-S6, 24.2 versions before 24.2R2-S2, 24.4 versions before 24.4R2, and 25.2 versions before 25.2R2.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-33775. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart