Description
An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP packet in an already established BGP session to reset only that session causing a Denial of Service (DoS).

An attacker repeatedly sending the packet will sustain the Denial of Service (DoS).This issue affects Junos OS:

* 25.2 versions before 25.2R2


This issue does not affect Junos OS versions before 25.2R1.

This issue affects Junos OS Evolved:
* 25.2-EVO versions before 25.2R2-EVO


This issue does not affect Junos OS Evolved versions before 25.2R1-EVO.

eBGP and iBGP are affected.
IPv4 and IPv6 are affected.
Published: 2026-04-09
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service (DoS)
Action: Immediate Patch
AI Analysis

Impact

An improper input validation flaw in Juniper Networks Junos OS and Junos OS Evolved enables an unauthenticated adjacent attacker to send a specific genuine BGP packet over an established BGP session. The packet resets only that session, leading to a denial of service for the routes exchanged over the affected link. Repeatedly sending the packet can sustain the outage until the session reestablishes or the device restarts.

Affected Systems

Juniper Networks Junos OS and Junos OS Evolved are impacted. For Junos OS the flaw exists in all releases prior to 25.2R2; the 25.2R2, 25.4R1, and all newer releases contain the fix. For Junos OS Evolved, the issue exists in all releases prior to 25.2R2-EVO; the 25.2R2-EVO, 25.4R1-EVO, and all later releases resolve the vulnerability. Both eBGP and iBGP sessions over IPv4 and IPv6 are affected; versions earlier than 25.2R1 (Junos OS) or 25.2R1-EVO (Junos OS Evolved) are not affected.

Risk and Exploitability

The CVSS score of 7.1 reflects moderate to high severity. Because the exploit requires only access to a pre‑established BGP session and no authentication, the threat is realistic for attackers who can become an adjacent BGP neighbor on the network. The EPSS score of < 1% indicates a very low but nonzero probability of exploitation in observed traffic. The vulnerability is not listed in CISA KEV. However, the lack of a workaround and the potential for widespread service interruption make the risk significant. Attackers can trigger repeated BGP resets to sustain a denial of service, compromising network reliability.

Generated by OpenCVE AI on April 28, 2026 at 21:39 UTC.

Remediation

Vendor Solution

The following software releases have been updated to resolve this specific issue: Junos OS: 25.2R2, 25.4R1, and all subsequent releases. Junos OS Evolved: 25.2R2-EVO, 25.4R1-EVO, and all subsequent releases.

Vendor Workaround

There are no known workarounds for this issue.

OpenCVE Recommended Actions

  • Apply the latest Junos OS or Junos OS Evolved releases (25.2R2, 25.4R1, or later) that address the issue.
  • Configure BGP session authentication to ensure only authorized peers can establish routes.
  • Restrict BGP neighbors to trusted networks and review access control lists on interfaces that connect to those neighbors.

Generated by OpenCVE AI on April 28, 2026 at 21:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 23 Apr 2026 21:00:00 +0000

Type Values Removed Values Added
Description An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP packet in an already established BGP session to reset only that session causing a Denial of Service (DoS). An attacker repeatedly sending the packet will sustain the Denial of Service (DoS).This issue affects Junos OS: * 25.2 versions before 25.2R2 This issue doesn't not affected Junos OS versions before 25.2R1. This issue affects Junos OS Evolved: * 25.2-EVO versions before 25.2R2-EVO This issue doesn't not affected Junos OS Evolved versions before 25.2R1-EVO. eBGP and iBGP are affected. IPv4 and IPv6 are affected. An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP packet in an already established BGP session to reset only that session causing a Denial of Service (DoS). An attacker repeatedly sending the packet will sustain the Denial of Service (DoS).This issue affects Junos OS: * 25.2 versions before 25.2R2 This issue does not affect Junos OS versions before 25.2R1. This issue affects Junos OS Evolved: * 25.2-EVO versions before 25.2R2-EVO This issue does not affect Junos OS Evolved versions before 25.2R1-EVO. eBGP and iBGP are affected. IPv4 and IPv6 are affected.
References

Thu, 16 Apr 2026 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Juniper
Juniper junos
Juniper junos Os Evolved
CPEs cpe:2.3:o:juniper:junos:25.2:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:25.2:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:25.2:r1-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:25.2:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:25.2:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:25.2:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:25.2:r1-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:25.2:r1:*:*:*:*:*:*
Vendors & Products Juniper
Juniper junos
Juniper junos Os Evolved

Mon, 13 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 10 Apr 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Juniper Networks
Juniper Networks junos Os
Juniper Networks junos Os Evolved
Vendors & Products Juniper Networks
Juniper Networks junos Os
Juniper Networks junos Os Evolved

Thu, 09 Apr 2026 22:00:00 +0000

Type Values Removed Values Added
Description An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP packet in an already established BGP session to reset only that session causing a Denial of Service (DoS). An attacker repeatedly sending the packet will sustain the Denial of Service (DoS).This issue affects Junos OS: * 25.2 versions before 25.2R2 This issue doesn't not affected Junos OS versions before 25.2R1. This issue affects Junos OS Evolved: * 25.2-EVO versions before 25.2R2-EVO This issue doesn't not affected Junos OS Evolved versions before 25.2R1-EVO. eBGP and iBGP are affected. IPv4 and IPv6 are affected.
Title Junos OS and Junos OS Evolved: An attacker sending a specific genuine BGP packet causes a BGP reset
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 7.4, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/V:C/RE:M/U:Green'}

Subscriptions

Juniper Junos Junos Os Evolved
Juniper Networks Junos Os Junos Os Evolved
cve-icon MITRE

Status: PUBLISHED

Assigner: juniper

Published:

Updated: 2026-04-23T20:08:35.655Z

Reserved: 2026-03-23T19:46:13.673Z

Link: CVE-2026-33797

cve-icon Vulnrichment

Updated: 2026-04-13T17:58:31.693Z

cve-icon NVD

Status : Modified

Published: 2026-04-09T22:16:29.547

Modified: 2026-04-23T21:16:05.677

Link: CVE-2026-33797

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T21:45:26Z

Weaknesses