Juniper: Root vulnerabilities, among others, closed in Junos OS
Attackers can exploit numerous vulnerabilities in the Junos OS network operating system. Security updates are now available.
Multiple security vulnerabilities endanger Juniper's network and security products. The weaknesses are in the Junos OS and Junos OS Evolved network operating systems, which form the basis for routers and switches, among other things. In the worst case, attackers can gain far-reaching privileges on devices. So far, the network equipment supplier has not warned of any attacks. Admins should still install the security updates promptly.
Multiple Dangers
Juniper lists 28 now-closed software vulnerabilities in the security section of its website. Network admins will also find the security updates there; listing them all is beyond the scope of this report.
Some of the vulnerabilities are classified as "high" in terms of threat level. For example, attackers can send specially crafted BGP requests to affected devices and trigger crashes (CVE-2026-33797).
However, attackers can also gain root privileges in several places (e.g. CVE-2026-21916). With such far-reaching rights, devices can plausibly be considered completely compromised. There is a hurdle in this case, however: a local attacker must already have low user privileges. This is also the prerequisite for another attack that can leak sensitive data (CVE-2026-33776).
The fabric management software Apstra is also vulnerable. Due to a faulty SSH implementation, an attacker can intercept connections as a man-in-the-middle without authentication (CVE-2026-13914, "high").
Due to a default password in vLWC, unauthorized access is conceivable (CVE-2026-33784). This security vulnerability is classified as "critical".
(des)