CVE-2026-33791
Received Received - Intake
OS Command Injection in Juniper Junos CLI Allows Root Takeover

Publication date: 2026-04-09

Last updated on: 2026-04-22

Assigner: Juniper Networks, Inc.

Description
An OS Command Injection vulnerability in the CLI processing of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker executing specific, crafted CLI commands to inject arbitrary shell commands as root, leading to a complete compromise of the system. Certain 'set system' commands, when executed with crafted arguments, are not properly sanitized, allowing for arbitrary shell injection. These shell commands are executed as root, potentially allowing for complete control of the vulnerable system. This issue affects: Junos OS:Β  * all versions before 22.4R3-S8,Β  * from 23.2 before 23.2R2-S5,Β  * from 23.4 before 23.4R2-S7,Β  * from 24.2 before 24.2R2-S2,Β  * from 24.4 before 24.4R2,Β  * from 25.2 before 25.2R2;Β  Junos OS Evolved:Β  * all versions before 22.4R3-S8-EVO,Β  * from 23.2 before 23.2R2-S5-EVO,Β  * from 23.4 before 23.4R2-S7-EVO,Β  * from 24.2 before 24.2R2-S2-EVO,Β  * from 24.4 before 24.4R2-EVO,Β  * from 25.2 before 25.2R1-S1-EVO, 25.2R2-EVO.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-09
Last Modified
2026-04-22
Generated
2026-06-16
AI Q&A
2026-04-10
EPSS Evaluated
2026-06-15
NVD
CVE-2026-33791
EUVD
EUVD-2026-21207
Affected Vendors & Products
Showing 98 associated CPEs
Vendor Product Version / Range
juniper junos 22.4
juniper junos 22.4
juniper junos 22.4
juniper junos 22.4
juniper junos 23.2
juniper junos 22.4
juniper junos 23.2
juniper junos 22.4
juniper junos 22.4
juniper junos 22.4
juniper junos 23.2
juniper junos 23.2
juniper junos 23.4
juniper junos 23.4
juniper junos 22.4
juniper junos 22.4
juniper junos 23.4
juniper junos 23.2
juniper junos 24.2
juniper junos 24.2
juniper junos 23.4
juniper junos 22.4
juniper junos 22.4
juniper junos 22.4
juniper junos 23.2
juniper junos 23.2
juniper junos 23.4
juniper junos 23.4
juniper junos 23.4
juniper junos 23.4
juniper junos 24.2
juniper junos 24.2
juniper junos to 22.4 (exc)
juniper junos 22.4
juniper junos 22.4
juniper junos 23.2
juniper junos 23.2
juniper junos 23.4
juniper junos 24.2
juniper junos 24.4
juniper junos 24.4
juniper junos 24.4
juniper junos 24.4
juniper junos 24.2
juniper junos 23.4
juniper junos 25.2
juniper junos 25.2
juniper junos 25.2
juniper junos 25.2
juniper junos 23.4
juniper junos_os_evolved 22.4
juniper junos_os_evolved 22.4
juniper junos_os_evolved 22.4
juniper junos_os_evolved 22.4
juniper junos_os_evolved 23.2
juniper junos_os_evolved 23.2
juniper junos_os_evolved 23.2
juniper junos_os_evolved 22.4
juniper junos_os_evolved 22.4
juniper junos_os_evolved 22.4
juniper junos_os_evolved 23.2
juniper junos_os_evolved 23.2
juniper junos_os_evolved 23.2
juniper junos_os_evolved 22.4
juniper junos_os_evolved 24.2
juniper junos_os_evolved 24.2
juniper junos_os_evolved 23.4
juniper junos_os_evolved 23.4
juniper junos_os_evolved 23.4
juniper junos_os_evolved 23.2
juniper junos_os_evolved 22.4
juniper junos_os_evolved 22.4
juniper junos_os_evolved to 22.4 (exc)
juniper junos_os_evolved 23.4
juniper junos_os_evolved 23.4
juniper junos_os_evolved 22.4
juniper junos_os_evolved 22.4
juniper junos_os_evolved 22.4
juniper junos_os_evolved 22.4
juniper junos_os_evolved 22.4
juniper junos_os_evolved 23.2
juniper junos_os_evolved 23.2
juniper junos_os_evolved 23.4
juniper junos_os_evolved 23.4
juniper junos_os_evolved 23.4
juniper junos_os_evolved 23.4
juniper junos_os_evolved 23.4
juniper junos_os_evolved 24.2
juniper junos_os_evolved 24.2
juniper junos_os_evolved 24.2
juniper junos_os_evolved 24.4
juniper junos_os_evolved 24.4
juniper junos_os_evolved 24.4
juniper junos_os_evolved 24.4
juniper junos_os_evolved 25.2
juniper junos_os_evolved 25.2
juniper junos_os_evolved 25.2
juniper junos_os_evolved 23.4
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an OS Command Injection issue in the CLI processing of Juniper Networks Junos OS and Junos OS Evolved. It allows a local attacker with high privileges to execute specially crafted CLI commands that inject arbitrary shell commands running as root.

Specifically, certain 'set system' commands do not properly sanitize input arguments, enabling the attacker to execute arbitrary shell commands with root privileges, potentially leading to full system compromise.

Impact Analysis

The impact of this vulnerability is severe because it allows a local, high-privileged attacker to execute arbitrary commands as root on the affected system.

This can lead to a complete compromise of the system, including unauthorized access, modification, or destruction of data, disruption of services, and potential use of the system as a foothold for further attacks.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade your Junos OS or Junos OS Evolved to a fixed version that addresses the issue.

  • For Junos OS, upgrade to versions 22.4R3-S8 or later, 23.2R2-S5 or later, 23.4R2-S7 or later, 24.2R2-S2 or later, 24.4R2 or later, or 25.2R2 or later.
  • For Junos OS Evolved, upgrade to versions 22.4R3-S8-EVO or later, 23.2R2-S5-EVO or later, 23.4R2-S7-EVO or later, 24.2R2-S2-EVO or later, 24.4R2-EVO or later, or 25.2R1-S1-EVO / 25.2R2-EVO or later.

These upgrades ensure that the CLI processing properly sanitizes 'set system' commands to prevent arbitrary shell command injection.

Compliance Impact

This vulnerability allows a local, high-privileged attacker to execute arbitrary shell commands as root, leading to a complete compromise of the system.

Such a compromise could potentially lead to unauthorized access, modification, or destruction of sensitive data, which may impact compliance with standards and regulations like GDPR and HIPAA that require protection of data confidentiality, integrity, and availability.

However, the provided information does not explicitly describe the direct effects on compliance with these standards.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-33791. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart