CVE-2026-33799
Awaiting Analysis
Awaiting Analysis - Queue
Out-of-Bounds Write in Juniper Networks Junos OS SNMP Daemon
Vulnerability report for CVE-2026-33799, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-09
Last updated on: 2026-07-10
Assigner: Juniper Networks, Inc.
Description
Description
An Out-of-bounds Write vulnerability in the SNMP daemon (snmpd) of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated network-based attacker sending specific valid SNMPv3 queries to trigger a memory leak. Over time, continuous receipt of these queries will result in snmpd process memory exhaustion, resulting in a process crash and restart, impacting the ability to monitor the system via SNMP.
Memory usage can be monitored using the following command:
user@device> show system processes extensive | match snmpd
This issue affects:
Junos OS:
* all versions before 21.2R3-S8;
* from 21.4 before 21.4R3-S7;
* from 22.1 before 22.1R3-S6;
* from 22.2 before 22.2R3-S4;
* from 22.3 before 22.3R3-S3;
* from 22.4 before 22.4R3-S2;
* from 23.2 before 23.2R2;
* from 23.4 before 23.4R2.
Junos OS Evolved:
* all versions before 21.2R3-S8-EVO;
* from 21.4 before 21.4R3-S7-EVO;
* all versions of 22.1-EVO,
* from 22.2 before 22.2R3-S4-EVO;
* from 22.3 before 22.3R3-S3-EVO;
* all versions of 22.4-EVO,
* from 23.2 before 23.2R2-EVO;
* from 23.4 before 23.4R2-EVO.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| juniper | junoss | to 21.2R3-S8 (exc) |
| juniper | junoss | From 21.4 (inc) to 21.4R3-S7 (exc) |
| juniper | junoss | From 22.1 (inc) to 22.1R3-S6 (exc) |
| juniper | junoss | From 22.2 (inc) to 22.2R3-S4 (exc) |
| juniper | junoss | From 22.3 (inc) to 22.3R3-S3 (exc) |
| juniper | junoss | From 22.4 (inc) to 22.4R3-S2 (exc) |
| juniper | junoss | From 23.2 (inc) to 23.2R2 (exc) |
| juniper | junoss | From 23.4 (inc) to 23.4R2 (exc) |
| juniper | junose | to 21.2R3-S8-EVO (exc) |
| juniper | junose | From 21.4 (inc) to 21.4R3-S7-EVO (exc) |
| juniper | junose | * |
| juniper | junose | From 22.2 (inc) to 22.2R3-S4-EVO (exc) |
| juniper | junose | From 22.3 (inc) to 22.3R3-S3-EVO (exc) |
| juniper | junose | From 23.2 (inc) to 23.2R2-EVO (exc) |
| juniper | junose | From 23.4 (inc) to 23.4R2-EVO (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |