CVE-2026-33791

Name: CVE-2026-33791
Creator: NVD / NIST
Published: 2026-04-09T22:16:29.047+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.4/10EPSS 0.69%

Last modified Jun 17, 2026

CVE-2026-33791 is a high-severity vulnerability rated 8.4/10 on the CVSS scale. An OS Command Injection vulnerability in the CLI processing of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker executing specific, crafted CLI commands to inject arbitrary shell commands as root, leading to a complete compromise of the system. Certain 'set system' commands, when executed with crafted arguments, are not properly sanitized, allowing for arbitrary shell injection. These shell commands are executed as root, potentially allowing for complete control of the vulnerable system. This issue affects: Junos OS: * all versions before 22.4R3-S8, * from 23.2 before 23.2R2-S5, * from 23.4 before 23.4R2-S7, * from 24.2 before 24.2R2-S2, * from 24.4 before 24.4R2, * from 25.2 before 25.2R2; Junos OS Evolved: * all versions before 22.4R3-S8-EVO, * from 23.2 before 23.2R2-S5-EVO, * from 23.4 before 23.4R2-S7-EVO, * from 24.2 before 24.2R2-S2-EVO, * from 24.4 before 24.4R2-EVO, * from 25.2 before 25.2R1-S1-EVO, 25.2R2-EVO.. EPSS estimates a 0.69% chance of exploitation in the next 30 days.

Description

An OS Command Injection vulnerability in the CLI processing of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker executing specific, crafted CLI commands to inject arbitrary shell commands as root, leading to a complete compromise of the system. Certain 'set system' commands, when executed with crafted arguments, are not properly sanitized, allowing for arbitrary shell injection. These shell commands are executed as root, potentially allowing for complete control of the vulnerable system. This issue affects: Junos OS: * all versions before 22.4R3-S8, * from 23.2 before 23.2R2-S5, * from 23.4 before 23.4R2-S7, * from 24.2 before 24.2R2-S2, * from 24.4 before 24.4R2, * from 25.2 before 25.2R2; Junos OS Evolved: * all versions before 22.4R3-S8-EVO, * from 23.2 before 23.2R2-S5-EVO, * from 23.4 before 23.4R2-S7-EVO, * from 24.2 before 24.2R2-S2-EVO, * from 24.4 before 24.4R2-EVO, * from 25.2 before 25.2R1-S1-EVO, 25.2R2-EVO.

Metrics

CVSS 3.1

6.7/10

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS 4.0

8.4/10

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:C/RE:M/U:Amber

EPSS Probability

0.69%

48.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-78

Affected Software

Vendor	Product	Versions
Juniper	Junos	< 22.4
Juniper	Junos	22.4
Juniper	Junos	23.2
Juniper	Junos	23.4
Juniper	Junos	24.2
Juniper	Junos	24.4
Juniper	Junos	25.2
Juniper	Junos Os Evolved	< 22.4
Juniper	Junos Os Evolved	22.4
Juniper	Junos Os Evolved	23.2
Juniper	Junos Os Evolved	23.4
Juniper	Junos Os Evolved	24.2
Juniper	Junos Os Evolved	24.4
Juniper	Junos Os Evolved	25.2

References

https://kb.juniper.net/JSA107875Mitigation, Vendor Advisory
https://supportportal.juniper.net/JSA107875

Timeline

Published: Apr 9, 2026
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2026-33791?

How severe is CVE-2026-33791?

CVE-2026-33791 has a CVSS score of 8.4/10 (HIGH severity). The EPSS model estimates a 0.69% probability of exploitation in the next 30 days.

How do I fix CVE-2026-33791?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2026-33791?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST