CVE-2026-33776
Received Received - Intake
Missing Authorization in Junos OS CLI Exposes Sensitive Data

Publication date: 2026-04-09

Last updated on: 2026-04-16

Assigner: Juniper Networks, Inc.

Description
A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user with low privileges to read sensitive information. A local user with low privileges can execute the CLI command 'show mgd' with specific arguments which will expose sensitive information. This issue affects Junos OS: * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S6, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S4, * 24.4 versions before 24.4R2-S1, * 25.2 version before 25.2R1-S2, 25.2R2; Junos OS Evolved: * all versions before 23.2R2-S6-EVO, * 23.4 version before 23.4R2-S6-EVO, * 24.2 version before 24.2R2-S4-EVO, * 24.4 versions before 24.4R2-S1-EVO, * 25.2 versions before 25.2R2-EVO.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-09
Last Modified
2026-04-16
Generated
2026-05-06
AI Q&A
2026-04-10
EPSS Evaluated
2026-05-05
NVD
CVE-2026-33776
EUVD
EUVD-2026-21196
Affected Vendors & Products
Showing 90 associated CPEs
Vendor Product Version / Range
juniper junos 22.4
juniper junos 22.4
juniper junos 22.4
juniper junos 22.4
juniper junos 23.2
juniper junos 22.4
juniper junos 23.2
juniper junos 22.4
juniper junos 22.4
juniper junos 22.4
juniper junos 23.2
juniper junos 23.2
juniper junos 23.4
juniper junos 23.4
juniper junos 22.4
juniper junos 22.4
juniper junos 23.4
juniper junos 23.2
juniper junos 24.2
juniper junos 24.2
juniper junos 23.4
juniper junos 22.4
juniper junos 22.4
juniper junos 22.4
juniper junos 23.2
juniper junos 23.2
juniper junos 23.4
juniper junos 23.4
juniper junos 23.4
juniper junos 23.4
juniper junos 24.2
juniper junos 24.2
juniper junos to 22.4 (exc)
juniper junos 22.4
juniper junos 22.4
juniper junos 23.2
juniper junos 23.2
juniper junos 23.4
juniper junos 24.2
juniper junos 24.4
juniper junos 24.4
juniper junos 24.4
juniper junos 24.4
juniper junos 24.2
juniper junos 24.4
juniper junos 23.4
juniper junos 24.2
juniper junos 25.2
juniper junos 25.2
juniper junos 25.2
juniper junos 25.2
juniper junos 23.2
juniper junos 24.2
juniper junos_os_evolved 23.2
juniper junos_os_evolved 23.2
juniper junos_os_evolved 23.2
juniper junos_os_evolved 23.2
juniper junos_os_evolved 23.2
juniper junos_os_evolved 23.2
juniper junos_os_evolved 24.2
juniper junos_os_evolved 24.2
juniper junos_os_evolved 23.4
juniper junos_os_evolved 23.4
juniper junos_os_evolved 23.4
juniper junos_os_evolved 23.2
juniper junos_os_evolved 23.4
juniper junos_os_evolved 23.4
juniper junos_os_evolved 23.2
juniper junos_os_evolved 23.2
juniper junos_os_evolved 23.4
juniper junos_os_evolved 23.4
juniper junos_os_evolved 23.4
juniper junos_os_evolved 23.4
juniper junos_os_evolved 23.4
juniper junos_os_evolved 24.2
juniper junos_os_evolved 24.2
juniper junos_os_evolved 24.2
juniper junos_os_evolved 24.2
juniper junos_os_evolved 24.4
juniper junos_os_evolved 24.4
juniper junos_os_evolved 24.4
juniper junos_os_evolved 24.4
juniper junos_os_evolved 24.4
juniper junos_os_evolved 25.2
juniper junos_os_evolved 25.2
juniper junos_os_evolved 25.2
juniper junos_os_evolved 25.2
juniper junos_os_evolved to 23.2 (exc)
juniper junos_os_evolved 23.2
juniper junos_os_evolved 24.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a Missing Authorization issue in the CLI of Juniper Networks Junos OS and Junos OS Evolved. It allows a local user with low privileges to execute the CLI command 'show mgd' with specific arguments, which exposes sensitive information that they should not normally have access to.


How can this vulnerability impact me? :

The impact of this vulnerability is that a local user with low privileges can read sensitive information by exploiting the missing authorization in the CLI command. This could lead to unauthorized disclosure of sensitive data within the affected Junos OS or Junos OS Evolved systems.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking if a local user with low privileges is able to execute the CLI command 'show mgd' with specific arguments that expose sensitive information.

To detect the vulnerability, you can attempt to run the command 'show mgd' with various arguments from a low-privilege user account on affected Junos OS or Junos OS Evolved versions.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include upgrading Junos OS or Junos OS Evolved to a fixed version that addresses this vulnerability.

  • For Junos OS, upgrade to versions 22.4R3-S8 or later, 23.2R2-S6 or later, 23.4R2-S6 or later, 24.2R2-S4 or later, 24.4R2-S1 or later, or 25.2R1-S2 / 25.2R2 or later.
  • For Junos OS Evolved, upgrade to versions 23.2R2-S6-EVO or later, 23.4R2-S6-EVO or later, 24.2R2-S4-EVO or later, 24.4R2-S1-EVO or later, or 25.2R2-EVO or later.

Until upgrades can be applied, restrict local user access to the CLI or limit the ability of low-privilege users to execute the 'show mgd' command with sensitive arguments.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart