CVE-2026-33801
Awaiting Analysis Awaiting Analysis - Queue

Denial-of-Service in Juniper Junos OS via BGP Update

Vulnerability report for CVE-2026-33801, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-10

Assigner: Juniper Networks, Inc.

Description

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker sending a specific BGP update over an established BGP session to cause a Denial-of-Service (DoS). Upon receipt of a specifically malformed non-inet/inet6 unicast BGP update, an RPD crash and restart is triggered, which will cause a complete service outage until routing has reconverged. The rpd crash occurs before the update can be readvertised, so there is no downstream propagation. This issue affects: * Junos OS versions 25.2 before 25.2R2; * Junos OS Evolved versions 25.2 before 25.2R2-EVO. This issue doesn't affect Junos OS versions before 25.2R1 nor Junos OS Evolved versions before 25.2R1-EVO.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-10
Generated
2026-07-11
AI Q&A
2026-07-10
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
juniper junoss to 25.2R2 (exc)
juniper junose to 25.2R2-EVO (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-754 The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an Improper Check for Unusual or Exceptional Conditions in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved. It allows an adjacent, unauthenticated attacker to send a specifically malformed BGP update over an established BGP session, which causes the RPD to crash and restart.

The crash happens upon receipt of a malformed non-inet/inet6 unicast BGP update, leading to a Denial-of-Service (DoS) condition. The service outage lasts until routing reconverges. The crash occurs before the update can be readvertised, so the malformed update does not propagate downstream.

Impact Analysis

The primary impact of this vulnerability is a Denial-of-Service (DoS) condition on the affected Juniper routing devices. When exploited, the routing protocol daemon crashes and restarts, causing a complete service outage until routing reconverges.

This outage can disrupt network connectivity and availability, potentially affecting business operations that rely on continuous network service.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-33801. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart