Junos OS pfe DoS before 24.4R2/25.2R1S1 via Improper Check
CVE-2026-33781 Published on April 9, 2026
Junos OS: EX Series, QFX Series: In a VXLAN scenario when specific control protocol packets are received, memory leaks and eventually no traffic is passed
An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX and QFX Series devices allow an unauthenticated, adjacent attacker to cause a complete Denial of Service (DoS).
On EX4k, and QFX5k platforms configured as service-provider edge devices, if L2PT is enabled on the UNI and VSTP is enabled on NNI in VXLAN scenarios, receiving VSTP BPDUs on UNI leads to packet buffer allocation failures, resulting in the device to not pass traffic anymore until it is manually recovered with a restart.This issue affects Junos OS:
* 24.4 releases before 24.4R2,
* 25.2 releases before 25.2R1-S1, 25.2R2.
This issue does not affect Junos OS releases before 24.4R1.
Vulnerability Analysis
Weakness Type
Improper Check for Unusual or Exceptional Conditions
The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.
Products Associated with CVE-2026-33781
Want to know whenever a new CVE is published for Juniper Networks Junos? stack.watch will email you.
Affected Versions
Juniper Networks Junos OS:- Version 24.4 and below 24.4R2 is affected.
- Version 25.2 and below 25.2R1-S1, 25.2R2 is affected.
- Before 24.4R1 is unaffected.