Description
A Missing Release of Memory after Effective Lifetime vulnerability in the BroadBand Edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).

If the authentication packet-type option is configured and a received packet does not match that packet type, the memory leak occurs. When all memory

available to bbe-smgd has been consumed, no new subscribers will be able to login.

The memory utilization of bbe-smgd can be monitored with the following show command:

user@host> show system processes extensive | match bbe-smgd

The below log message can be observed when this limit has been reached:

bbesmgd[<PID>]: %DAEMON-3-SMD_DPROF_RSMON_ERROR: Resource unavailability, Reason: Daemon Heap Memory exhaustion


This issue affects Junos OS on MX Series:
* all versions before 22.4R3-S8,
* 23.2 versions before 23.2R2-S5,
* 23.4 versions before 23.4R2-S6,
* 24.2 versions before 24.2R2-S2,
* 24.4 versions before 24.4R2,
* 25.2 versions before 25.2R2.
Published: 2026-04-09
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

The vulnerability is a missing release of memory after effective lifetime in the BroadBand Edge subscriber management daemon (bbe-smgd). When a subscriber authentication packet does not match the configured packet‑type option, memory leaks until the daemon's heap is exhausted, preventing new subscribers from logging in. This weakness corresponds to CWE‑401 (Improper Release of Memory).

Affected Systems

The issue affects Juniper Networks Junos OS running on MX Series routers. Versions prior to 22.4R3‑S8, 23.2R2‑S5, 23.4R2‑S6, 24.2R2‑S2, 24.4R2, and 25.2R2 are impacted.

Risk and Exploitability

The CVSS score of 7.1 indicates a high severity. The advisory notes that an adjacent, unauthenticated attacker can trigger the memory leak by sending a packet that mismatches the configured type. While EPSS data is unavailable and the vulnerability is not listed in the CISA KEV catalog, the lack of a workaround and the possibility of service disruption make timely remediation critical.

Generated by OpenCVE AI on April 9, 2026 at 22:20 UTC.

Remediation

Vendor Solution

The following software releases have been updated to resolve this specific issue: 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S2, 24.4R2, 25.2R2, 25.4R1, and all subsequent releases.

Vendor Workaround

There are no known workarounds for this issue.

OpenCVE Recommended Actions

  • Upgrade Junos OS to 22.4R3‑S8 or any later release that includes the fix.
  • If the upgrade cannot be performed immediately, monitor bbe‑smgd memory usage using 'show system processes extensive | match bbe-smgd' and be prepared to restart the daemon or take the router offline if a memory exhaustion error is observed.
  • Review and ensure that the authentication packet‑type option matches the network's actual packet types to avoid accidental triggers, although the definitive fix is the software upgrade.

Generated by OpenCVE AI on April 9, 2026 at 22:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://kb.juniper.net/JSA107821 cve-icon cve-icon
History

Fri, 17 Apr 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Juniper
Juniper junos
Juniper mx10004
Juniper mx10008
Juniper mx2008
Juniper mx2010
Juniper mx2020
Juniper mx204
Juniper mx240
Juniper mx301
Juniper mx304
Juniper mx480
Juniper mx960
CPEs cpe:2.3:h:juniper:mx10004:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx10008:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx2008:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx2010:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx2020:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx204:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx240:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx301:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx304:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx480:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx960:-:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:r2-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:r2-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:r2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:r3-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:r3-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:r3-s3:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:r3-s4:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:r3-s5:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:r3-s6:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:r3-s7:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:r3:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.2:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.2:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.2:r1-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.2:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.2:r2-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.2:r2-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.2:r2-s3:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.2:r2-s4:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.2:r2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.4:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.4:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.4:r1-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.4:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.4:r2-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.4:r2-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.4:r2-s3:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.4:r2-s4:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.4:r2-s5:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.4:r2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:24.2:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:24.2:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:24.2:r1-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:24.2:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:24.2:r2-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:24.2:r2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:24.4:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:24.4:r1-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:24.4:r1-s3:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:24.4:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:25.2:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:25.2:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:25.2:r1-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:25.2:r1:*:*:*:*:*:*
Vendors & Products Juniper
Juniper junos
Juniper mx10004
Juniper mx10008
Juniper mx2008
Juniper mx2010
Juniper mx2020
Juniper mx204
Juniper mx240
Juniper mx301
Juniper mx304
Juniper mx480
Juniper mx960

Mon, 13 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 10 Apr 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Juniper Networks
Juniper Networks junos Os
Vendors & Products Juniper Networks
Juniper Networks junos Os

Thu, 09 Apr 2026 21:45:00 +0000

Type Values Removed Values Added
Description A Missing Release of Memory after Effective Lifetime vulnerability in the BroadBand Edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). If the authentication packet-type option is configured and a received packet does not match that packet type, the memory leak occurs. When all memory available to bbe-smgd has been consumed, no new subscribers will be able to login. The memory utilization of bbe-smgd can be monitored with the following show command: user@host> show system processes extensive | match bbe-smgd The below log message can be observed when this limit has been reached: bbesmgd[<PID>]: %DAEMON-3-SMD_DPROF_RSMON_ERROR: Resource unavailability, Reason: Daemon Heap Memory exhaustion This issue affects Junos OS on MX Series: * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S5, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S2, * 24.4 versions before 24.4R2, * 25.2 versions before 25.2R2.
Title Junos OS: MX Series: Mismatch between configured and received packet types causes memory leak in bbe-smgd
Weaknesses CWE-401
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/RE:M'}

Subscriptions

Juniper Junos Mx10004 Mx10008 Mx2008 Mx2010 Mx2020 Mx204 Mx240 Mx301 Mx304 Mx480 Mx960
Juniper Networks Junos Os
cve-icon MITRE

Status: PUBLISHED

Assigner: juniper

Published:

Updated: 2026-04-13T18:06:19.695Z

Reserved: 2026-03-23T19:46:13.668Z

Link: CVE-2026-33775

cve-icon Vulnrichment

Updated: 2026-04-13T17:58:37.146Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-09T22:16:26.020

Modified: 2026-04-17T17:40:50.143

Link: CVE-2026-33775

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-10T09:28:01Z

Weaknesses