SecurityWeek

Juniper Networks Patches Dozens of Junos OS Vulnerabilities


Juniper Networks this week released patches for nearly three dozen vulnerabilities, including Junos OS and Junos OS Evolved bugs that could lead to privilege escalation, denial-of-service (DoS), and command execution.

The most severe of the flaws is CVE-2026-33784 (CVSS score of 9.8), a default password in the Support Insights (JSI) Virtual Lightweight Collector (vLWC) that could be exploited remotely to take over a vulnerable device.

“vLWC software images ship with an initial password for a high-privileged account. A change of this password is not enforced during the provisioning of the software, which can make full access to the system by unauthorized actors possible,” Juniper Networks explains.

Juniper Networks also resolved a weak password issue in CTP OS that could allow remote, unauthenticated attackers to potentially take full control of the device.

Tracked as CVE-2026-33771, the security defect exists because settings related to password complexity requirements are not saved, leading to the use of weak passwords that could be guessed and exploited.

A high-severity SSH host key validation vulnerability in Juniper Networks Apstra could be abused in machine-in-the-middle (MITM) attacks to capture user credentials.

Multiple high-severity flaws in Junos OS could allow attackers to cause DoS conditions via crafted packets, directly access FPCs installed on devices, gain root privileges and take over devices, and execute commands to compromise managed devices.

The remaining security defects addressed this week are medium-severity flaws that could allow attackers to cause DoS conditions, execute commands with elevated privileges, gain root privileges, impact the integrity of downstream networks, read sensitive information, bypass the configured firewall filter, or inject arbitrary shell commands as root.

Juniper Networks says it is not aware of any of these vulnerabilities being exploited in the wild. Additional information can be found on the company’s support portal.
