CVE-2026-33782 Juniper — Exploit & Vulnerability Details HIGH

Parameter	Value
CVSS	8.7 (HIGH)
Affected Versions	before 22.4
Fixed In	22.4
Type	CWE-401 (Memory Leak)
Vendor	Juniper
Public PoC	No

A Missing Release of Memory after Effective Lifetime vulnerability in the DHCP daemon (jdhcpd) of Juniper Networks Junos OS on MX Series, allows an adjacent, unauthenticated attacker to cause a memory leak, that will eventually cause a complete Denial-of-Service (DoS). In a DHCPv6 over PPPoE, or DHCPv6 over VLAN with Active lease query or Bulk lease query scenario, every subscriber logout will leak a small amount of memory. When all available memory has been exhausted, jdhcpd will crash and restart which causes a complete service impact until the process has recovered.

The memory usage of jdhcpd can be monitored with: user@host> show system processes extensive | match jdhcpd This issue affects Junos OS: * all versions before 22.4R3-S1, * 23.2 versions before 23.2R2, * 23.4 versions before 23.4R2.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Attack Requirements

None

No additional conditions

Privileges Required

None

No privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

None

No data leak

Integrity

None

No data modification

Availability

High

Complete denial of service

CVSS Vector v4.0

Weakness Type (CWE)

CWE-401 Memory Leak

Vulnerable Products 28

Configuration	From (including)	Up to (excluding)
Juniper Junos cpe:2.3:o:juniper:junos::::::::	—	`22.4`
Juniper Junos cpe:2.3:o:juniper:junos:22.4:-::::::	—	—
Juniper Junos cpe:2.3:o:juniper:junos:22.4:r1::::::	—	—
Juniper Junos cpe:2.3:o:juniper:junos:22.4:r1-s1::::::	—	—
Juniper Junos cpe:2.3:o:juniper:junos:22.4:r1-s2::::::	—	—
Juniper Junos cpe:2.3:o:juniper:junos:22.4:r2::::::	—	—
Juniper Junos cpe:2.3:o:juniper:junos:22.4:r2-s1::::::	—	—
Juniper Junos cpe:2.3:o:juniper:junos:22.4:r2-s2::::::	—	—
Juniper Junos cpe:2.3:o:juniper:junos:22.4:r3::::::	—	—
Juniper Junos cpe:2.3:o:juniper:junos:23.2:-::::::	—	—
Juniper Junos cpe:2.3:o:juniper:junos:23.2:r1::::::	—	—
Juniper Junos cpe:2.3:o:juniper:junos:23.2:r1-s1::::::	—	—
Juniper Junos cpe:2.3:o:juniper:junos:23.2:r1-s2::::::	—	—
Juniper Junos cpe:2.3:o:juniper:junos:23.4:-::::::	—	—
Juniper Junos cpe:2.3:o:juniper:junos:23.4:r1::::::	—	—
Juniper Junos cpe:2.3:o:juniper:junos:23.4:r1-s1::::::	—	—
Juniper Junos cpe:2.3:o:juniper:junos:23.4:r1-s2::::::	—	—
Juniper Mx10004 cpe:2.3:h:juniper:mx10004:-:::::::*	—	—
Juniper Mx10008 cpe:2.3:h:juniper:mx10008:-:::::::*	—	—
Juniper Mx2008 cpe:2.3:h:juniper:mx2008:-:::::::*	—	—
Juniper Mx2010 cpe:2.3:h:juniper:mx2010:-:::::::*	—	—
Juniper Mx2020 cpe:2.3:h:juniper:mx2020:-:::::::*	—	—
Juniper Mx204 cpe:2.3:h:juniper:mx204:-:::::::*	—	—
Juniper Mx240 cpe:2.3:h:juniper:mx240:-:::::::*	—	—
Juniper Mx301 cpe:2.3:h:juniper:mx301:-:::::::*	—	—
Juniper Mx304 cpe:2.3:h:juniper:mx304:-:::::::*	—	—
Juniper Mx480 cpe:2.3:h:juniper:mx480:-:::::::*	—	—
Juniper Mx960 cpe:2.3:h:juniper:mx960:-:::::::*	—	—

References 1

https://kb.juniper.net/JSA107820

sirt@juniper.net

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-33797

Juniper

7.1

CVE-2026-33793

Juniper

8.5

CVE-2026-33791

Juniper

8.4

CVE-2026-33790

Juniper

8.7

CVE-2026-33787

Juniper

6.8

Menu

CVE-2026-33782

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

Vulnerable Products 28

References 1

Related Vulnerabilities

CVE-2026-33797

CVE-2026-33793

CVE-2026-33791

CVE-2026-33790

CVE-2026-33787

CVE Details

Editor's Choice

Menu

CVE-2026-33782

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

Vulnerable Products 28

References 1

Related Vulnerabilities

CVE-2026-33797

CVE-2026-33793

CVE-2026-33791

CVE-2026-33790

CVE-2026-33787

CVE Details

Editor's Choice

Stay informed on cybersecurity