CVE-2026-33793
Published: Apr 9, 2026
Modified: Apr 16, 2026
CVSS v3.1
7.8
Description
An Execution with Unnecessary Privileges vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, thus compromising the system. When a configuration that allows unsigned Python op scripts is present on the device, a non-root user is able to execute malicious op scripts as a root-equivalent user, leading to privilege escalation. This issue affects Junos OS: * All versions before 22.4R3-S7, * from 23.2 before 23.2R2-S4, * from 23.4 before 23.4R2-S6, * from 24.2 before 24.2R1-S2, 24.2R2, * from 24.4 before 24.4R1-S2, 24.4R2; Junos OS Evolved: * All versions before 22.4R3-S7-EVO, * from 23.2 before 23.2R2-S4-EVO, * from 23.4 before 23.4R2-S6-EVO, * from 24.2 before 24.2R2-EVO, * from 24.4 before 24.4R1-S1-EVO, 24.4R2-EVO.
| Vendor | Product | Versions |
|---|---|---|
Juniper Networks | Junos OS | affected 0 - < 22.4R3-S7affected 23.2 - < 23.2R2-S4affected 23.4 - < 23.4R2-S6affected 24.2 - < 24.2R1-S2, 24.2R2affected 24.4 - < 24.4R1-S2, 24.4R2 |
Juniper Networks | Junos OS Evolved | affected 0 - < 22.4R3-S7-EVOaffected 23.2 - < 23.2R2-S4-EVOaffected 23.4 - < 23.4R2-S6-EVOaffected 24.2 - < 24.2R2-EVOaffected 24.4 - < 24.4R1-S1-EVO, 24.4R2-EVO |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now