Missing Auth in Junos OS Evolved FPCs (pre-23.2R2-EVO)
CVE-2026-33788 Published on April 9, 2026
Junos OS Evolved: Local, authenticated attacker can gain privileged access to FPCs
A Missing Authentication for Critical Function vulnerability in the Flexible PIC Concentrators (FPCs) of Juniper Networks Junos OS Evolved on PTX Series allows a local, authenticated attacker with low privileges to gain direct access to FPCs installed in the device.
A local user with low privileges can gain direct access to the installed FPCs as a high privileged user, which can potentially lead to a full compromise of the affected component.
This issue affects Junos OS Evolved on PTX10004, PTX10008, PTX100016, with JNP10K-LC1201 or JNP10K-LC1202:
* All versions before 21.2R3-S8-EVO,
* 21.4-EVO versions before 21.4R3-S7-EVO,
* 22.2-EVO versions before 22.2R3-S4-EVO,
* 22.3-EVO versions before 22.3R3-S3-EVO,
* 22.4-EVO versions before 22.4R3-S2-EVO,
* 23.2-EVO versions before 23.2R2-EVO.
Vulnerability Analysis
CVE-2026-33788 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Missing Authentication for Critical Function
The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Products Associated with CVE-2026-33788
Want to know whenever a new CVE is published for Juniper Networks Junos Os Evolved? stack.watch will email you.
Affected Versions
Juniper Networks Junos OS Evolved:- Before 21.2R3-S8-EVO is affected.
- Version 21.4-EVO and below 21.4R3-S7-EVO is affected.
- Version 22.2-EVO and below 22.2R3-S4-EVO is affected.
- Version 22.3-EVO and below 22.3R3-S3-EVO is affected.
- Version 22.4-EVO and below 22.4R3-S2-EVO is affected.
- Version 23.2-EVO and below 23.2R2-EVO is affected.