CVE-2026-33794

MEDIUM

Junos OS Evolved: PTX Series: Receipt of repeated ECMP routing updates results in PFE crash

Title source: cna
STIX 2.1

Description

An Improper Check for Unusual or Exceptional Conditions vulnerability in the advanced forwarding toolkit (evo-aftmand) of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated network-based attacker generating continuous routing updates, resulting in unilist ECMP routes, to crash the evo-aftmand process on the PFE, leading to a Denial-of-Service (DoS). The conditions required for successful exploitation are based on a sequence of events that are outside an attacker's direct control. Unified list (unilist) ECMP routes are a specific ECMP behavior where multiple equal-cost routes share a single logical next-hop list entry. The router treats them as one route with multiple next hops and load balances traffic across that unified list. Due to an issue processing unilist ECMP routing updates, internal state corruption may occur, especially in large-scale ECMP unilist deployments, leading to the evo-aftmand process crashing, resulting in an evo-aftmand-bx core. Manual intervention is required to recover by rebooting the system or restarting the FPC. This issue affects Junos OS Evolved on PTX : * from 24.4R2-EVO before 24.4R2-S3-EVO; * from 25.2 before 25.2R2-EVO.

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory
https://supportportal.juniper.net/JSA110073

Scores

CVSS v3 5.9
EPSS 0.0040
EPSS Percentile 32.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-754
Status published
Products (4)
juniper/junos_os_evolved 24.4 r2 (3 CPE variants)
juniper/junos_os_evolved 25.2 (4 CPE variants)
Juniper Networks/Junos OS Evolved 24.4R2-EVO - 24.4R2-S3-EVO
Juniper Networks/Junos OS Evolved 25.2 - 25.2R2, 25.2R2-EVO
Published Jul 09, 2026
Tracked Since Jul 10, 2026