PT-2026-31749 · Juniper Networks · J-Web

Published: 2026-04-09 · Updated: 2026-04-09 · CVE-2026-33779

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Juniper Networks Junos OS versions prior to 22.4R3-S9, versions 23.2 before 23.2R2-S6, versions 23.4 before 23.4R2-S7, versions 24.2 before 24.2R2-S3, versions 24.4 before 24.4R2-S2, and versions 25.2 before 25.2R1-S2, 25.2R2.

Description

A flaw exists in the J-Web component of Juniper Networks Junos OS on SRX Series that allows a Person-in-the-Middle (PITM) attacker to intercept communication between the device and Security Director (SD) cloud, potentially gaining access to confidential information and modifying it. The device does not sufficiently verify the received server certificate when connecting to the SD cloud.

Recommendations

Update to Junos OS version 22.4R3-S9 or later.
Update to Junos OS version 23.2R2-S6 or later.
Update to Junos OS version 23.4R2-S7 or later.
Update to Junos OS version 24.2R2-S3 or later.
Update to Junos OS version 24.4R2-S2 or later.
Update to Junos OS version 25.2R1-S2 or 25.2R2 or later.
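
Added example, not part of the original advisory or any Juniper tooling: a Python check that classifies a Junos OS version string against the fixed releases listed above, for triaging a device inventory. The function names, the sample inventory and the "unknown" result for release trains the advisory does not list are assumptions; the check does not know whether a device is an SRX Series.

```python
import re

# First fixed release per train as (R, S), copied from the advisory text above.
# 25.2 lists two fixed releases (25.2R1-S2 and 25.2R2); the earliest decides.
FIXED = {
    (22, 4): [(3, 9)],
    (23, 2): [(2, 6)],
    (23, 4): [(2, 7)],
    (24, 2): [(2, 3)],
    (24, 4): [(2, 2)],
    (25, 2): [(1, 2), (2, 0)],
}

# Matches e.g. 22.4R3-S9, 23.4R2 or 22.4R3-S9.5 (trailing build/spin is ignored).
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?")


def parse(version):
    """Return ((year, quarter), (R, S)) for a Junos OS version string."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos OS version: {version!r}")
    year, quarter, r, s = m.groups()
    return (int(year), int(quarter)), (int(r), int(s or 0))


def status(version):
    """Classify a version as 'affected', 'fixed' or 'unknown'."""
    train, release = parse(version)
    if train < min(FIXED):
        return "affected"  # "versions prior to 22.4R3-S9" covers older trains
    if train not in FIXED:
        return "unknown"   # assumption: the advisory does not list this train
    return "affected" if release < min(FIXED[train]) else "fixed"


def triage(inventory):
    """Map each host to its status; inventory is {hostname: version}."""
    return {host: status(version) for host, version in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are made up).
    sample = {"srx-edge-1": "22.4R3-S8", "srx-edge-2": "23.4R2-S7",
              "srx-lab-1": "25.2R1-S1", "srx-lab-2": "24.1R2"}
    for host, result in triage(sample).items():
        print(f"{host}: {result}")
```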

Related Identifiers

CVE-2026-33779

Affected Products

J-Web
Junos
Security Director