PT-2026-31803 · Juniper Networks · Juniper Networks Support Insights (Jsi) Virtual Lightweight Collector

Published

2026-04-09

Updated

2026-04-11

CVE-2026-33784

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) versions prior to 3.0.94

Description A Use of Default Password issue in Juniper Networks JSI Virtual Lightweight Collector (vLWC) allows an unauthenticated, network-based attacker to gain full control of the device. The vLWC software ships with a default password for a high-privileged account, and changing this password is not enforced during provisioning.

Recommendations Update to version 3.0.94 or later. Change the default password in the setup menu of the device.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1393

Related Identifiers

CVE-2026-33784

Affected Products

Juniper Networks Support Insights (Jsi) Virtual Lightweight Collector

CVE-2026-33784

Weakness Enumeration

Related Identifiers

Affected Products

References · 15