PT-2026-31801 · Juniper Networks · Qfx5K+4
Published: 2026-04-09 · Updated: 2026-04-09
CVE-2026-33781
CVSS v3.1: 6.5 (Medium)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Juniper Networks Junos OS versions prior to 24.4R2, and 25.2 releases before 25.2R1-S1 and 25.2R2.
Description
A flaw exists in the packet forwarding engine (PFE) of Juniper Networks Junos OS on EX and QFX Series devices. An unauthenticated, adjacent attacker can trigger a Denial of Service (DoS). Specifically, on EX4k and QFX5k platforms configured as service-provider edge devices with L2PT enabled on the UNI and VSTP enabled on the NNI in VXLAN scenarios, receiving VSTP BPDUs on the UNI causes packet buffer allocation failures. The result is a complete loss of traffic until the device is manually recovered by a restart.
Recommendations
Update to Junos OS version 24.4R2 or later.
Update to Junos OS version 25.2R1-S1 or later.
Update to Junos OS version 25.2R2 or later.
Fix
Improper Check for Exceptional Conditions
Weakness Enumeration
Related Identifiers
Affected Products
E-Series
Ex4K
Junos
Qfx Series
Qfx5K