CVE-2026-33793
Received Received - Intake
Privilege Escalation via Unsigned Python Scripts in Junos OS

Publication date: 2026-04-09

Last updated on: 2026-04-16

Assigner: Juniper Networks, Inc.

Description
An Execution with Unnecessary Privileges vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, thus compromising the system. When a configuration that allows unsigned Python op scripts is present on the device, a non-root user is able to execute malicious op scripts as a root-equivalent user, leading to privilege escalation.  This issue affects Junos OS:  * All versions before 22.4R3-S7,  * from 23.2 before 23.2R2-S4,  * from 23.4 before 23.4R2-S6, * from 24.2 before 24.2R1-S2, 24.2R2,  * from 24.4 before 24.4R1-S2, 24.4R2;  Junos OS Evolved:  * All versions before 22.4R3-S7-EVO,  * from 23.2 before 23.2R2-S4-EVO,  * from 23.4 before 23.4R2-S6-EVO, * from 24.2 before 24.2R2-EVO,  * from 24.4 before 24.4R1-S1-EVO, 24.4R2-EVO.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-09
Last Modified
2026-04-16
Generated
2026-06-16
AI Q&A
2026-04-10
EPSS Evaluated
2026-06-14
NVD
CVE-2026-33793
EUVD
EUVD-2026-21095
Affected Vendors & Products
Showing 79 associated CPEs
Vendor Product Version / Range
juniper junos 22.4
juniper junos 22.4
juniper junos 22.4
juniper junos 22.4
juniper junos 23.2
juniper junos 22.4
juniper junos 23.2
juniper junos 22.4
juniper junos 22.4
juniper junos 22.4
juniper junos 23.2
juniper junos 23.2
juniper junos 23.4
juniper junos 23.4
juniper junos 22.4
juniper junos 22.4
juniper junos 23.4
juniper junos 23.2
juniper junos 24.2
juniper junos 24.2
juniper junos 23.4
juniper junos 22.4
juniper junos 22.4
juniper junos 22.4
juniper junos 23.2
juniper junos 23.2
juniper junos 23.4
juniper junos 23.4
juniper junos 23.4
juniper junos 23.4
juniper junos 24.2
juniper junos 24.2
juniper junos to 22.4 (exc)
juniper junos 22.4
juniper junos 23.2
juniper junos 23.4
juniper junos 24.4
juniper junos 24.4
juniper junos 24.4
juniper junos 23.4
juniper junos_os_evolved 22.4
juniper junos_os_evolved 22.4
juniper junos_os_evolved 22.4
juniper junos_os_evolved 22.4
juniper junos_os_evolved 23.2
juniper junos_os_evolved 23.2
juniper junos_os_evolved 23.2
juniper junos_os_evolved 22.4
juniper junos_os_evolved 22.4
juniper junos_os_evolved 22.4
juniper junos_os_evolved 23.2
juniper junos_os_evolved 23.2
juniper junos_os_evolved 23.2
juniper junos_os_evolved 22.4
juniper junos_os_evolved 24.2
juniper junos_os_evolved 24.2
juniper junos_os_evolved 23.4
juniper junos_os_evolved 23.4
juniper junos_os_evolved 23.4
juniper junos_os_evolved 23.2
juniper junos_os_evolved 22.4
juniper junos_os_evolved 22.4
juniper junos_os_evolved to 22.4 (exc)
juniper junos_os_evolved 23.4
juniper junos_os_evolved 23.4
juniper junos_os_evolved 22.4
juniper junos_os_evolved 22.4
juniper junos_os_evolved 22.4
juniper junos_os_evolved 22.4
juniper junos_os_evolved 23.2
juniper junos_os_evolved 23.4
juniper junos_os_evolved 23.4
juniper junos_os_evolved 23.4
juniper junos_os_evolved 23.4
juniper junos_os_evolved 23.4
juniper junos_os_evolved 24.2
juniper junos_os_evolved 24.4
juniper junos_os_evolved 24.4
juniper junos_os_evolved 24.4
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-250 The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

To mitigate this vulnerability, ensure that your Junos OS or Junos OS Evolved device is updated to a fixed version that addresses this issue.

  • Upgrade to Junos OS versions 22.4R3-S7 or later, 23.2R2-S4 or later, 23.4R2-S6 or later, 24.2R1-S2 or later, or 24.4R1-S2 or later as applicable.
  • Upgrade to Junos OS Evolved versions 22.4R3-S7-EVO or later, 23.2R2-S4-EVO or later, 23.4R2-S6-EVO or later, 24.2R2-EVO or later, or 24.4R1-S1-EVO or later as applicable.

Additionally, review and disable any configurations that allow unsigned Python op scripts to run, as this configuration enables the privilege escalation.

Executive Summary

This vulnerability is an Execution with Unnecessary Privileges issue in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved. It allows a local, low-privileged attacker to gain root privileges on the system.

Specifically, when a configuration that permits unsigned Python operational scripts is present on the device, a non-root user can execute malicious operational scripts with root-equivalent privileges, leading to privilege escalation.

Impact Analysis

This vulnerability can have a significant impact as it allows a local attacker with low privileges to escalate their privileges to root level. This means the attacker can fully compromise the affected system, potentially gaining complete control over it.

Such a compromise can lead to unauthorized access, modification, or destruction of data, disruption of services, and further exploitation of the network or connected systems.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-33793. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart