Changeflow GovPing Data Privacy & Cybersecurity High Severity Junos OS Arbitrary Code Execution...
Priority review Guidance Added Final

High Severity Junos OS Arbitrary Code Execution Vulnerability Fixed

Favicon for www.acn.gov.it Italy ACN News alt
Published
Detected
Email

Summary

ACN issued Alert AL05/260423/CSIRT-ITA warning of a high-severity arbitrary code execution vulnerability in Juniper Networks' Junos OS and Junos OS Evolved. The vulnerability, CVE-2026-33791, could allow a malicious user with elevated privileges to execute arbitrary code by bypassing security features on affected systems. Multiple versions of Junos OS and Junos OS Evolved across six release branches are affected, with ACN recommending users update to patched versions as specified in Juniper's security bulletin.

Why this matters

Organizations running Junos OS or Junos OS Evolved should inventory their deployments against the affected version ranges listed (22.4R3-S8 and earlier, 23.2, 23.4, 24.2, 24.4, 25.2 for both OS and Evolved variants). Given the arbitrary code execution vector with elevated privileges, security teams should treat this as priority remediation for any internet-facing or high-trust network infrastructure.

AI-drafted from the source document, validated against GovPing's analyst note standards . For the primary regulatory language, read the source document .
Published by ACN on acn.gov.it . Detected, standardized, and enriched by GovPing. Review our methodology and editorial standards .

About this source

GovPing monitors Italy ACN News alt for new data privacy & cybersecurity regulatory changes. Every update since tracking began is archived, classified, and available as free RSS or email alerts — 3 changes logged to date.

View original document View source feed page

What changed

ACN published a security alert regarding CVE-2026-33791, a high-severity vulnerability in Juniper Networks Junos OS and Junos OS Evolved that could allow an authenticated attacker with elevated privileges to execute arbitrary code by bypassing security mechanisms. The alert covers affected version ranges for both Junos OS and Junos OS Evolved across multiple release branches including versions prior to 22.4R3-S8, 23.2, 23.4, 24.2, 24.4, and 25.2. Organizations running Juniper network infrastructure should review the Juniper support portal security bulletin and apply available patches to mitigate the arbitrary code execution risk.

Network operators and security teams managing Junos OS or Junos OS Evolved deployments should identify affected versions in their infrastructure and prioritize patching given the arbitrary code execution capability and root privilege escalation potential. Critical infrastructure and telecommunications providers relying on Juniper equipment should treat this as a priority remediation item.

What to do next

  1. Update to fixed versions per Juniper security bulletin

Archived snapshot

Apr 23, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

Juniper Networks: risolta vulnerabilità in Junos OS e Junos OS Evolved

**
Alert**

AL05/260423/CSIRT-ITA

Condividi
- Facebook
- Twitter
- LinkedIn
- Whatsapp

Sintesi

Juniper Networks ha rilasciato aggiornamenti per risolvere una vulnerabilità con gravità “alta”, nei sistemi operativi Junos OS e Junos OS Evolved. Tale vulnerabilità, potrebbe permettere ad un utente malintenzionato con privilegi elevati, di eseguire codice arbitrario eludendo le funzionalità di sicurezza sui sistemi interessati.

Tipologia

  • Arbitrary Code Execution
  • Security Feature Bypass

Prodotti e/o versioni affette

Junos OS

  • versioni precedenti alla 22.4R3-S8
  • 23.2, versioni precedenti alla 23.2R2-S5
  • 23.4, versioni precedenti alla 23.4R2-S7
  • 24.2, versioni precedenti alla 24.2R2-S2
  • 24.4, versioni precedenti alla 24.4R2

  • 25.2, versioni precedenti alla 25.2R2
    Junos OS Evolved

  • versioni precedent alla 22.4R3-S8-EVO

  • 23.2, versioni precedenti alla 23.2R2-S5-EVO

  • 23.4, versioni precedenti alla 23.4R2-S7-EVO

  • 24.2, versioni precedenti alla 24.2R2-S2-EVO

  • 24.4, versioni precedenti alla 24.4R2-EVO

  • 25.2, versioni precedenti alla 25.2R1-S1-EVO, 25.2R2-EVO

Azioni di mitigazione

In linea con le dichiarazioni del vendor, si raccomanda di aggiornare i prodotti vulnerabili seguendo le indicazioni del bollettinio di sicurezza riportato nella sezione Riferimenti.

CVE (1)

Cerca:
| CVE | POC | EXPLOITATION |
| --- | --- | --- |
| CVE-2026-33791 | - | - |

Riferimenti (1)

  1. https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Execution-of-crafted-CLI-commands-allows-for-arbitrary-shell-injection-as-root-CVE-2026-33791

Change log

Versione Note Data
1.0 Pubblicato il 23-04-2026 23/04/2026

Impatto sistemico

Medio (64.61)

Argomenti

Data pubblicazione

23/04/26 ore 16:14

Data Ultimo Aggiornamento

23/04/26 ore 16:14

Related changes

Favicon for www.acn.gov.it Ruby ERB Remote Code Execution Vulnerability CVE-2026-41316
Priority review Apr 23, 2026 Italy ACN News alt Data Privacy & Cybersecurity
Favicon for www.acn.gov.it CrowdStrike LogScale Arbitrary File Read Vulnerability Resolved
Priority review Apr 23, 2026 Italy ACN News alt Data Privacy & Cybersecurity
Favicon for www.gazzettaufficiale.it Contratti Pubblici n.45: Ultra-Broadband Grants, 2 Auctions
Priority review Apr 23, 2026 Italy Official Gazette (Gazzetta Ufficiale) Government & Legislation

Get daily alerts for Italy ACN News alt

Daily digest delivered to your inbox.

Free. Unsubscribe anytime.

Source

Favicon for www.acn.gov.it
Italy ACN News alt acn.gov.it/portale/feedrss/-/journal/rss/20119/723192
Data Privacy & Cybersecurity

About this page

What is GovPing?

Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from ACN.

What's AI-generated?

The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.

Last updated

Press inquiries →

Classification

Agency
ACN
Published
April 23rd, 2026
Instrument
Guidance
Branch
Executive
Source language
it
Legal weight
Non-binding
Stage
Final
Change scope
Substantive

Who this affects

Applies to
Technology companies Government agencies
Industry sector
5170 Telecommunications
Activity scope
Patch management Vulnerability remediation Network infrastructure security
Geographic scope
IT IT

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Topics
Telecommunications

Browse Categories

Agriculture & Food Safety 82 AI Regulation 3 Banking & Finance 506 Consumer Protection 137 Courts & Legal 473 Data Privacy & Cybersecurity 150 Defense & National Security 53 Education 64 Energy 124 Environment 170 Gaming 2 Government & Legislation 524 Healthcare 15 Healthcare & Life Sciences 399 Immigration 11 Insurance 90 Labor & Employment 191 Pharma & Drug Safety 21 Professional Licensing 6 Real Estate & Housing 75 Securities & Markets 175 Tax 111 Telecom & Technology 55 Trade & Sanctions 162 Transportation 119

Get alerts for this source

We'll email you when Italy ACN News alt publishes new changes.

Free. Unsubscribe anytime.

You're subscribed!