www.securityweek.com 4/10/2026, 1:51:27 PM · via preferred

Juniper fixes critical default password bug and multiple flaws

CyberSIXT Evidence Panel
CISA KEV: Not in KEV
Patch: Patch Status Unknown

Juniper Networks this week released patches for nearly three dozen vulnerabilities across Junos OS and Junos OS Evolved that could enable privilege escalation, denial-of-service, and remote command execution. The most severe flaw, CVE-2026-33784, carries a CVSS score of 9.8 and centres on a default password in the Support Insights (JSI) Virtual Lightweight Collector, which could allow remote, unauthenticated takeover of a vulnerable device, according to Juniper Networks.

A related weakness in CTP OS (CVE-2026-33771) stems from password‑complexity settings not being saved, enabling weak passwords that could be exploited. There is also a high-severity SSH host key validation vulnerability in Juniper’s Apstra product that could be abused in machine‑in‑the‑middle attacks to capture credentials.

Multiple high-severity flaws in Junos OS could enable DoS, direct access to FPCs, root privileges or command execution on managed devices; the remaining defects are described as medium severity. Juniper says it is not aware of any of these being exploited in the wild, and more information is available on the company’s support portal.


Article by CyberSIXT