CVE-2026-33776

MEDIUM 5.5

Junos OS and Junos OS Evolved: Specific low privileged CLI command exposes sensitive information

CVSS Score

5.5

EPSS Score

0.0%

EPSS Percentile

1th

A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user with low privileges to read sensitive information. A local user with low privileges can execute the CLI command 'show mgd' with specific arguments which will expose sensitive information. This issue affects Junos OS: * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S6, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S4, * 24.4 versions before 24.4R2-S1, * 25.2 version before 25.2R1-S2, 25.2R2; Junos OS Evolved: * all versions before 23.2R2-S6-EVO, * 23.4 version before 23.4R2-S6-EVO, * 24.2 version before 24.2R2-S4-EVO, * 24.4 versions before 24.4R2-S1-EVO, * 25.2 versions before 25.2R2-EVO.

CWE	CWE-862
Vendor	juniper networks
Product	junos os
Published	Apr 9, 2026
Last Updated	Apr 10, 2026

Stay Ahead of the Next One

Get instant alerts for juniper networks junos os

Be the first to know when new medium vulnerabilities affecting juniper networks junos os are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected Versions

Juniper Networks / Junos OS

0 < 22.4R3-S8 23.2 < 23.2R2-S6 23.4 < 23.4R2-S6 24.2 < 24.2R2-S4 24.4 < 24.4R2-S1 25.2 < 25.2R1-S2, 25.2R2

Juniper Networks / Junos OS Evolved

0 < 23.2R2-S6-EVO 23.4 < 23.4R2-S6-EVO 24.2 < 24.2R2-S4-EVO 24.4 < 24.4R2-S1-EVO 25.2 < 25.2R2-EVO

References

NVD ↗ CVE.org ↗ EPSS Data ↗

kb.juniper.net: https://kb.juniper.net/JSA107866