CVE-2026-33782

MEDIUM

Junos OS: MX Series: In specific DHCPv6 scenarios jdhcpd memory increases continuously with subscriber logouts

Title source: cna

Description

A Missing Release of Memory after Effective Lifetime vulnerability in the DHCP daemon (jdhcpd) of Juniper Networks Junos OS on MX Series, allows an adjacent, unauthenticated attacker to cause a memory leak, that will eventually cause a complete Denial-of-Service (DoS). In a DHCPv6 over PPPoE, or DHCPv6 over VLAN with Active lease query or Bulk lease query scenario, every subscriber logout will leak a small amount of memory. When all available memory has been exhausted, jdhcpd will crash and restart which causes a complete service impact until the process has recovered. The memory usage of jdhcpd can be monitored with: user@host> show system processes extensive | match jdhcpd This issue affects Junos OS: * all versions before 22.4R3-S1, * 23.2 versions before 23.2R2, * 23.4 versions before 23.4R2.

References (1)

[Vendor Advisory] https://kb.juniper.net/JSA107820

Scores

CVSS v3 6.5

EPSS 0.0005

EPSS Percentile 14.6%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-401

Status published

Products (7)

juniper/junos 22.4 (8 CPE variants)

juniper/junos 23.2 (4 CPE variants)

juniper/junos 23.4 (4 CPE variants)

juniper/junos < 22.4

Juniper Networks/Junos OS < 22.4R3-S1

Juniper Networks/Junos OS 23.2 - 23.2R2

Juniper Networks/Junos OS 23.4 - 23.4R2

Published Apr 09, 2026

Tracked Since Apr 10, 2026