CVE-2026-33774

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS on MX Series versions prior to 23.2R2-S6 Juniper Networks Junos OS on MX Series versions 23.4 before 23.4R2-S7 Juniper Networks Junos OS on MX Series versions 24.2 before 24.2R2 Juniper Networks Junos OS on MX Series versions 24.4 before 24.4R2

Description A flaw exists in the packet forwarding engine (pfe) of Juniper Networks Junos OS on MX Series that allows an unauthenticated, network-based attacker to bypass configured firewall filters and access the control-plane of the device. This occurs when firewall filters are applied on a loopback interface lo0.n (where n is a non-0 number) and that loopback interface is in the global VRF / default routing-instance. The issue is observed when the firewall counter for the filter does not show any matches.

Recommendations Update to Junos OS version 23.2R2-S6 or later. Update to Junos OS version 23.4R2-S7 or later. Update to Junos OS version 24.2R2 or later. Update to Junos OS version 24.4R2 or later.