Privilege Escalation via Unsigned Python Ops in Junos OS (24.4R2)
CVE-2026-33793 Published on April 9, 2026
Junos OS and Junos OS Evolved: When an unsigned Python op script configuration is present, a local low privileged user can compromise the system
An Execution with Unnecessary Privileges vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, thus compromising the system.
When a configuration that allows unsigned Python op scripts is present on the device, a non-root user is able to execute malicious op scripts as a root-equivalent user, leading to privilege escalation.
This issue affects Junos OS:
* All versions before 22.4R3-S7,
* from 23.2 before 23.2R2-S4,
* from 23.4 before 23.4R2-S6,
* from 24.2 before 24.2R1-S2, 24.2R2,
* from 24.4 before 24.4R1-S2, 24.4R2;
Junos OS Evolved:
* All versions before 22.4R3-S7-EVO,
* from 23.2 before 23.2R2-S4-EVO,
* from 23.4 before 23.4R2-S6-EVO,
* from 24.2 before 24.2R2-EVO,
* from 24.4 before 24.4R1-S1-EVO, 24.4R2-EVO.
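The version lists above can be checked against a device inventory mechanically. The following Python is an added example, not part of the advisory or of any Juniper tooling; it assumes that where two fixed releases are listed for a train, the first fixes only its own R line and the second fixes everything later, and the inventory in it is constructed sample data.

```python
import re

# First fixed (R, S) releases per train, transcribed from the lists above.
# Assumption: "from 24.2 before 24.2R1-S2, 24.2R2" means R1-S2 fixes the R1
# line only and R2 fixes every later release of that train.
FIXED = {
    "junos": {(22, 4): [(3, 7)], (23, 2): [(2, 4)], (23, 4): [(2, 6)],
              (24, 2): [(1, 2), (2, 0)], (24, 4): [(1, 2), (2, 0)]},
    "evo": {(22, 4): [(3, 7)], (23, 2): [(2, 4)], (23, 4): [(2, 6)],
            (24, 2): [(2, 0)], (24, 4): [(1, 1), (2, 0)]},
}
OLDEST_LISTED = (22, 4)  # "All versions before 22.4R3-S7" covers older trains

# Matches R releases such as 23.4R2, 23.4R2-S6.5 or 24.4R1-S1-EVO.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?(-EVO)?$")

def parse(version):
    """Return (product, train, (R, S)) or None if not a plain R release."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return None
    major, minor, r, s, evo = m.groups()
    return ("evo" if evo else "junos", (int(major), int(minor)),
            (int(r), int(s or 0)))

def status(version):
    """Return 'affected', 'fixed', 'not-listed' or 'unparsed'."""
    parsed = parse(version)
    if parsed is None:
        return "unparsed"      # special builds need manual review
    product, train, rel = parsed
    if train < OLDEST_LISTED:
        return "affected"
    fixes = FIXED[product].get(train)
    if fixes is None:
        return "not-listed"    # train is not named in the advisory
    # The highest fix covers all later releases of the train;
    # a lower fix covers only later service releases on its own R line.
    if rel >= max(fixes) or any(rel[0] == r and rel[1] >= s for r, s in fixes):
        return "fixed"
    return "affected"

if __name__ == "__main__":
    # Constructed inventory: hostnames and versions are sample data.
    inventory = {"edge-1": "22.4R3-S6.2", "edge-2": "24.2R1-S3",
                 "core-1": "24.2R1-S3-EVO", "lab-1": "25.2R1"}
    for host, ver in inventory.items():
        print(f"{host:8} {ver:16} {status(ver)}")
```

A result of `affected` indicates exposure only where a configuration that allows unsigned Python op scripts is also present, as the description above states.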
Vulnerability Analysis
CVE-2026-33793 can be exploited with local system access and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Timeline
Initial Publication
While 'language python3' allows an attacker to execute local Python scripts, the scenario with the highest risk of malicious exploitation occurs when an attacker can execute remote Python scripts.
8 days later
Weakness Type
Execution with Unnecessary Privileges
The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
Products Associated with CVE-2026-33793
- Juniper Networks Junos
- Juniper Networks Junos OS Evolved
Affected Versions
Juniper Networks Junos OS:
- All versions before 22.4R3-S7 are affected.
- Versions from 23.2 before 23.2R2-S4 are affected.
- Versions from 23.4 before 23.4R2-S6 are affected.
- Versions from 24.2 before 24.2R1-S2, 24.2R2 are affected.
- Versions from 24.4 before 24.4R1-S2, 24.4R2 are affected.
Juniper Networks Junos OS Evolved:
- All versions before 22.4R3-S7-EVO are affected.
- Versions from 23.2 before 23.2R2-S4-EVO are affected.
- Versions from 23.4 before 23.4R2-S6-EVO are affected.
- Versions from 24.2 before 24.2R2-EVO are affected.
- Versions from 24.4 before 24.4R1-S1-EVO, 24.4R2-EVO are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.