Juniper Networks Fixes High Severity Junos OS Arbitrary Code Execution Vulnerability

Summary

CSIRT-ITA issued alert AL05/260423/CSIRT-ITA on 23 April 2026 disclosing a high-severity arbitrary code execution vulnerability (CVE-2026-33791) affecting Junos OS and Junos OS Evolved. The vulnerability allows an authenticated attacker with elevated privileges to execute arbitrary code by bypassing security features. Multiple version branches are affected across both product lines, spanning releases from 22.4 through 25.2. CSIRT-ITA recommends applying vendor-provided updates per the Juniper security bulletin.

“This vulnerability could allow a malicious user with elevated privileges to execute arbitrary code, bypassing the security features of the affected systems.”

Published by CSIRT-ITA on acn.gov.it. Detected, standardized, and enriched by GovPing.

What changed

CSIRT-ITA published an alert disclosing CVE-2026-33791, a high-severity vulnerability in Juniper Networks Junos OS and Junos OS Evolved that enables an authenticated attacker with elevated privileges to execute arbitrary code, bypassing system security controls. Affected versions span multiple release tracks from 22.4 through 25.2 across both standard and Evolved product lines, with specific minimum patched versions listed for each branch. CSIRT-ITA references the Juniper security bulletin as the authoritative mitigation source.

Organizations running Juniper Junos OS or Junos OS Evolved should immediately identify whether any of their installations fall within the affected version ranges. Any affected deployments should be updated to the minimum patched version specified for their release track. Given the arbitrary code execution capability and root-level access possible, this vulnerability poses a significant risk to network infrastructure security and should be treated as a priority remediation item.

What to do next

  1. Update vulnerable Junos OS and Junos OS Evolved installations to patched versions per Juniper security bulletin

Archived snapshot

Apr 25, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.


Juniper Networks: vulnerability fixed in Junos OS and Junos OS Evolved

**Alert**

AL05/260423/CSIRT-ITA

Summary

Juniper Networks has released updates to fix a “high” severity vulnerability in the Junos OS and Junos OS Evolved operating systems. This vulnerability could allow a malicious user with elevated privileges to execute arbitrary code, bypassing the security features of the affected systems.

Type

  • Arbitrary Code Execution
  • Security Feature Bypass

Affected products and/or versions

Junos OS

  • versions prior to 22.4R3-S8
  • 23.2, versions prior to 23.2R2-S5
  • 23.4, versions prior to 23.4R2-S7
  • 24.2, versions prior to 24.2R2-S2
  • 24.4, versions prior to 24.4R2
  • 25.2, versions prior to 25.2R2

Junos OS Evolved

  • versions prior to 22.4R3-S8-EVO
  • 23.2, versions prior to 23.2R2-S5-EVO
  • 23.4, versions prior to 23.4R2-S7-EVO
  • 24.2, versions prior to 24.2R2-S2-EVO
  • 24.4, versions prior to 24.4R2-EVO
  • 25.2, versions prior to 25.2R1-S1-EVO, 25.2R2-EVO

Mitigation actions

In line with the vendor's statements, it is recommended to update the vulnerable products by following the guidance in the security bulletin listed in the References section.
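
To check a device inventory against the version lists above, the following is an added example, not code from CSIRT-ITA, Juniper or GovPing. The function names and the sample inventory are constructed; it assumes release strings of the form `23.4R2-S7`, optionally with a build suffix (`.4`) and `-EVO`, treats every branch older than 22.4 as affected, and reports branches the advisory does not name as unknown so they are checked against the vendor bulletin.

```python
import re

# Fix levels (R, S) per branch, transcribed from the advisory's lists.
_COMMON = {(22, 4): [(3, 8)], (23, 2): [(2, 5)], (23, 4): [(2, 7)],
           (24, 2): [(2, 2)], (24, 4): [(2, 0)]}
FIXED = {
    "junos": {**_COMMON, (25, 2): [(2, 0)]},
    "evolved": {**_COMMON, (25, 2): [(1, 1), (2, 0)]},
}
OLDEST_LISTED = (22, 4)  # assumption: every branch before 22.4 is affected

# Assumed forms: 23.4R2-S7, 23.4R2-S7.4 (build suffix), 22.4R3-S8.5-EVO
VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?(-EVO)?$")


def parse(version):
    """Return (product, (major, minor), (R, S)) or None if unrecognised."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return None
    major, minor, rel, svc, evo = m.groups()
    return ("evolved" if evo else "junos",
            (int(major), int(minor)), (int(rel), int(svc or 0)))


def classify(version):
    """Return 'affected', 'patched' or 'unknown' for one release string."""
    parsed = parse(version)
    if parsed is None:
        return "unknown"          # unrecognised format: check by hand
    product, branch, (rel, svc) = parsed
    if branch < OLDEST_LISTED:
        return "affected"
    fixes = FIXED[product].get(branch)
    if fixes is None:
        return "unknown"          # branch not named in the advisory
    # Patched if on a fixed R line at or past its S level, or on a later R.
    if any(rel == fr and svc >= fs for fr, fs in fixes):
        return "patched"
    return "patched" if rel > max(fr for fr, _ in fixes) else "affected"


# Constructed sample inventory (hostnames and versions are illustrative).
INVENTORY = {"edge-1": "23.2R2-S4.3", "edge-2": "23.2R2-S5",
             "core-1": "25.2R1-EVO", "core-2": "25.2R1-S1-EVO",
             "lab-1": "24.3R1", "old-1": "21.4R3-S9"}


def audit(inventory):
    """Map each host to its classification."""
    return {host: classify(ver) for host, ver in inventory.items()}
```

Note that 25.2R1-S1 is a fix level only on the Evolved line, so `classify("25.2R1-S1")` without the `-EVO` suffix still returns `affected`.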

CVE (1)

| CVE | POC | EXPLOITATION |
| --- | --- | --- |
| CVE-2026-33791 | - | - |

References (1)

  1. https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Execution-of-crafted-CLI-commands-allows-for-arbitrary-shell-injection-as-root-CVE-2026-33791

Change log

| Version | Notes | Date |
| --- | --- | --- |
| 1.0 | Published on 23-04-2026 | 23/04/2026 |

Systemic impact

Medium (64.61)

Publication date

23/04/26 at 16:14

Last updated

23/04/26 at 16:14

About this page

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from CSIRT-ITA.

What's AI-generated?

The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.

Classification

Agency: CSIRT-ITA
Published: April 23rd, 2026
Instrument: Notice
Branch: Executive
Source language: it
Legal weight: Non-binding
Stage: Final
Change scope: Substantive

Who this affects

Applies to: Technology companies, Government agencies, Financial advisers
Industry sector: 5112 Software & Technology
Activity scope: Network device patching, Vulnerability remediation, Security update deployment
Geographic scope: Italy (IT)

Taxonomy

Primary area: Cybersecurity
Operational domain: IT Security
Compliance frameworks: NIST CSF
Topics: Data Privacy, Network Infrastructure
