CVE-2026-33776

MEDIUM

Junos OS and Junos OS Evolved: Specific low privileged CLI command exposes sensitive information

Title source: cna

Description

A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user with low privileges to read sensitive information. A local user with low privileges can execute the CLI command 'show mgd' with specific arguments, which exposes sensitive information.

This issue affects Junos OS:
* all versions before 22.4R3-S8,
* 23.2 versions before 23.2R2-S6,
* 23.4 versions before 23.4R2-S6,
* 24.2 versions before 24.2R2-S4,
* 24.4 versions before 24.4R2-S1,
* 25.2 versions before 25.2R1-S2, 25.2R2;

Junos OS Evolved:
* all versions before 23.2R2-S6-EVO,
* 23.4 versions before 23.4R2-S6-EVO,
* 24.2 versions before 24.2R2-S4-EVO,
* 24.4 versions before 24.4R2-S1-EVO,
* 25.2 versions before 25.2R2-EVO.

Scores

CVSS v3 5.5
EPSS 0.0001
EPSS Percentile 2.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (6)
juniper/junos 22.4 (15 CPE variants)
juniper/junos 23.2 (10 CPE variants)
juniper/junos 23.4 (10 CPE variants)
juniper/junos 24.2 (8 CPE variants)
juniper/junos 24.4 (5 CPE variants)
juniper/junos 25.2 (2 CPE variants)
Published Apr 09, 2026
Tracked Since Apr 10, 2026