CVE-2026-33797
Received Received - Intake
Improper Input Validation in Junos BGP Causes DoS

Publication date: 2026-04-09

Last updated on: 2026-04-23

Assigner: Juniper Networks, Inc.

Description
An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP packet in an already established BGP session to reset only that session causing a Denial of Service (DoS). An attacker repeatedly sending the packet will sustain the Denial of Service (DoS).This issue affects Junos OS: * 25.2 versions before 25.2R2 This issue does not affect Junos OS versions before 25.2R1. This issue affects Junos OS Evolved: * 25.2-EVO versions before 25.2R2-EVO This issue does not affect Junos OS Evolved versions before 25.2R1-EVO. eBGP and iBGP are affected. IPv4 and IPv6 are affected.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-09
Last Modified
2026-04-23
Generated
2026-06-16
AI Q&A
2026-04-10
EPSS Evaluated
2026-06-15
NVD
CVE-2026-33797
EUVD
EUVD-2026-21208
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
juniper junos 25.2
juniper junos 25.2
juniper junos 25.2
juniper junos_os_evolved 25.2
juniper junos_os_evolved 25.2
juniper junos_os_evolved 25.2
juniper junos 25.2
juniper junos_os_evolved 25.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an Improper Input Validation issue in Juniper Networks Junos OS and Junos OS Evolved. It allows an unauthenticated, adjacent attacker to send a specific genuine BGP packet within an already established BGP session to reset only that session.

By repeatedly sending this packet, the attacker can sustain a Denial of Service (DoS) condition on the targeted BGP session.

Both eBGP and iBGP sessions are affected, and it impacts both IPv4 and IPv6.

The vulnerability affects Junos OS versions 25.2 before 25.2R2 and Junos OS Evolved versions 25.2-EVO before 25.2R2-EVO.

Impact Analysis

This vulnerability can cause a Denial of Service (DoS) on BGP sessions by allowing an attacker to reset those sessions repeatedly.

A sustained DoS on BGP sessions can disrupt network routing, potentially causing network outages or degraded network performance.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-33797. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart