Privilege Escalation via Unsigned Python Ops in JunOS OS (24.4R2)
CVE-2026-33793 Published on April 9, 2026
Junos OS and Junos OS Evolved: When an unsigned Python op script configuration is present, a local low privileged user can compromise the system
An Execution with Unnecessary Privileges vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, thus compromising the system.
When a configuration that allows unsigned Python op scripts is present on the device, a non-root user is able to execute malicious op scripts as a root-equivalent user, leading to privilege escalation.
This issue affects Junos OS:
* All versions before 22.4R3-S7,
* from 23.2 before 23.2R2-S4,
* from 23.4 before 23.4R2-S6,
* from 24.2 before 24.2R1-S2, 24.2R2,
* from 24.4 before 24.4R1-S2, 24.4R2;
Junos OS Evolved:
* All versions before 22.4R3-S7-EVO,
* from 23.2 before 23.2R2-S4-EVO,
* from 23.4 before 23.4R2-S6-EVO,
* from 24.2 before 24.2R2-EVO,
* from 24.4 before 24.4R1-S1-EVO, 24.4R2-EVO.
Vulnerability Analysis
CVE-2026-33793 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Execution with Unnecessary Privileges
The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
Products Associated with CVE-2026-33793
stack.watch emails you whenever new vulnerabilities are published in Juniper Networks Junos or Juniper Networks Junos Os Evolved. Just hit a watch button to start following.
Affected Versions
Juniper Networks Junos OS:- Before 22.4R3-S7 is affected.
- Version 23.2 and below 23.2R2-S4 is affected.
- Version 23.4 and below 23.4R2-S6 is affected.
- Version 24.2 and below 24.2R1-S2, 24.2R2 is affected.
- Version 24.4 and below 24.4R1-S2, 24.4R2 is affected.
- Before 22.4R3-S7-EVO is affected.
- Version 23.2 and below 23.2R2-S4-EVO is affected.
- Version 23.4 and below 23.4R2-S6-EVO is affected.
- Version 24.2 and below 24.2R2-EVO is affected.
- Version 24.4 and below 24.4R1-S1-EVO, 24.4R2-EVO is affected.