Junos OS Evolved PTX Sensor Interface Incorrect Arg Type DoS (pre-25.2R1)
CVE-2026-33783 Published on April 9, 2026
Junos OS Evolved: PTX Series: If SRTE tunnels provisioned via PCEP are present and specific gRPC queries are received evo-aftmand crashes
A Function Call With Incorrect Argument Type vulnerability in the sensor interface of Juniper Networks Junos OS Evolved on PTX Series allows a network-based, authenticated attacker with low privileges to cause a complete Denial of Service (DoS).
If colored SRTE policy tunnels are provisioned via PCEP, and gRPC is used to monitor traffic in these tunnels, evo-aftmand crashes and doesn't restart which leads to a complete and persistent service impact. The system has to be manually restarted to recover. The issue is seen only when the Originator ASN field in PCEP contains a value larger than 65,535 (32-bit ASN). The issue is not reproducible when SRTE policy tunnels are statically configured.
This issue affects Junos OS Evolved on PTX Series:
* all versions before 22.4R3-S9-EVO,
* 23.2 versions before 23.2R2-S6-EVO,
* 23.4 versions before 23.4R2-S7-EVO,
* 24.2 versions before 24.2R2-S4-EVO,
* 24.4 versions before 24.4R2-S2-EVO,
* 25.2 versions before 25.2R1-S2-EVO, 25.2R2-EVO.
Vulnerability Analysis
CVE-2026-33783 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
Function Call With Incorrect Argument Type
The software calls a function, procedure, or routine, but the caller specifies an argument that is the wrong data type, which may lead to resultant weaknesses. This weakness is most likely to occur in loosely typed languages, or in strongly typed languages in which the types of variable arguments cannot be enforced at compilation time, or where there is implicit casting.
Products Associated with CVE-2026-33783
Want to know whenever a new CVE is published for Juniper Networks Junos Os Evolved? stack.watch will email you.
Affected Versions
Juniper Networks Junos OS Evolved:- Before 22.4R3-S9-EVO is affected.
- Version 23.2 and below 23.2R2-S6-EVO is affected.
- Version 23.4 and below 23.4R2-S7-EVO is affected.
- Version 24.2 and below 24.2R2-S4-EVO is affected.
- Version 24.4 and below 24.4R2-S2-EVO is affected.
- Version 25.2 and below 25.2R1-S2-EVO, 25.2R2-EVO is affected.