CVE-2026-33785
Published: 09 April 2026
Summary
CVE-2026-33785 is a high-severity Missing Authorization (CWE-862) vulnerability in Juniper Junos. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The vulnerability is ranked at the 0.3 percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): Directly addresses the missing authorization vulnerability by requiring the system to enforce approved access controls, preventing low-privilege CLI users from executing sensitive 'request csds' commands.
- AC-6 (Least Privilege): Enforces least privilege to restrict execution of high-impact CSDS operational commands to only designated high-privileged users, mitigating low-privilege user exploitation.
- SI-2 (Flaw Remediation): Requires timely flaw remediation through upgrades to fixed Junos OS versions (24.4R2-S3 or 25.2R2), eliminating the missing authorization defect in CLI command handling.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Missing authorization in the CLI allows low-privileged, locally authenticated users to execute high-privileged 'request csds' commands, directly enabling exploitation for privilege escalation with high impact on the managed devices.
NVD Description
A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series allows a local, authenticated user with low privileges to execute specific commands which will lead to a complete compromise of managed devices. Any user logged in, without requiring specific privileges, can issue 'request csds' CLI operational commands. These commands are only meant to be executed by high privileged or users designated for Juniper Device Manager (JDM) / Connected Security Distributed Services (CSDS) operations as they will impact all aspects of the devices managed via the respective MX. This issue affects Junos OS on MX Series: * 24.4 releases before 24.4R2-S3, * 25.2 releases before 25.2R2. This issue does not affect Junos OS releases before 24.4.
Deeper analysis
CVE-2026-33785 is a Missing Authorization vulnerability (CWE-862) in the CLI of Juniper Networks Junos OS on MX Series routers. It affects Junos OS 24.4 releases prior to 24.4R2-S3 and 25.2 releases prior to 25.2R2. The issue does not impact Junos OS releases before 24.4. Any user logged into the CLI, without requiring specific privileges, can execute 'request csds' operational commands, which are intended solely for high-privileged users or those designated for Juniper Device Manager (JDM) / Connected Security Distributed Services (CSDS) operations.
A local, authenticated user with low privileges can exploit this vulnerability by issuing the 'request csds' CLI commands. Successful exploitation leads to a complete compromise of the managed devices, as these commands impact all aspects of devices managed via the MX Series. The vulnerability has a CVSS v3.1 base score of 8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), reflecting its high severity due to low attack complexity, low privileges required, no user interaction, and broad scope with high confidentiality, integrity, and availability impacts.
The Juniper security advisory at https://kb.juniper.net/JSA107872 provides details on mitigation. Systems should be upgraded to Junos OS 24.4R2-S3 or later in the 24.4 series, or 25.2R2 or later in the 25.2 series, to address the vulnerability.
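The remediation above reduces to a version comparison, and Junos release strings (24.4R2-S3, 25.2R1-S4, and so on) do not sort correctly as plain strings. The following is an added example, not code from the page, from Juniper, or from the advisory: it parses a Junos version string into a comparable tuple and reports whether it falls inside the affected ranges exactly as the NVD description states them (24.4 before 24.4R2-S3, 25.2 before 25.2R2, nothing before 24.4). Trains the advisory does not list, such as 25.1, are reported as outside its stated ranges rather than guessed at. The `show version` fragment is constructed, and the assumption that that output carries a `Junos:` line is mine, not something the page states.

```python
"""Assess a Junos OS version against the fixed releases named for CVE-2026-33785.

Added illustration; not Juniper tooling and not part of the advisory.
Assumed affected ranges, taken verbatim from the NVD description:
  - 24.4 releases before 24.4R2-S3 are affected
  - 25.2 releases before 25.2R2 are affected
  - releases before 24.4 are not affected
Any other release train is reported as 'not in advisory ranges'.
"""
import re
from typing import NamedTuple

# Junos version strings look like "24.4R2-S3[.build]":
#   <major>.<minor>R<release>[-S<service>]
# A release without an -S suffix sorts before its -S1 service release.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)R(\d+)(?:-S(\d+))?")


class JunosVersion(NamedTuple):
    major: int
    minor: int
    release: int
    service: int  # 0 when there is no -S suffix

    @property
    def train(self) -> tuple:
        """The release train, e.g. (24, 4) for 24.4R2-S3."""
        return (self.major, self.minor)


def parse_junos_version(text: str) -> JunosVersion:
    """Parse '24.4R2-S1' or '24.4R2-S1.3' (with build number) into a comparable tuple."""
    m = _VERSION_RE.search(text.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version string: {text!r}")
    major, minor, release, service = m.groups()
    return JunosVersion(int(major), int(minor), int(release), int(service or 0))


# First fixed version per affected train, as named in the advisory.
FIXED_BY_TRAIN = {
    (24, 4): parse_junos_version("24.4R2-S3"),
    (25, 2): parse_junos_version("25.2R2"),
}
# Advisory: releases before 24.4 are not affected.
FIRST_AFFECTED_TRAIN = (24, 4)


def assess(version_text: str) -> str:
    """Return 'affected', 'fixed', 'not affected' or 'not in advisory ranges'."""
    v = parse_junos_version(version_text)
    if v.train < FIRST_AFFECTED_TRAIN:
        return "not affected"
    fixed = FIXED_BY_TRAIN.get(v.train)
    if fixed is None:
        # A train the advisory does not list; report it rather than infer a status.
        return "not in advisory ranges"
    # Tuple comparison orders (major, minor, release, service) lexicographically.
    return "fixed" if v >= fixed else "affected"


def junos_line(show_version_output: str) -> str:
    """Extract the version from a 'Junos: ...' line (assumed 'show version' layout)."""
    for line in show_version_output.splitlines():
        if line.startswith("Junos:"):
            return line.split(":", 1)[1].strip()
    raise ValueError("no 'Junos:' line found in output")


# Constructed 'show version' fragment for demonstration; not captured from a real device.
SAMPLE_SHOW_VERSION = """\
Hostname: mx-lab-1
Model: mx480
Junos: 24.4R2-S1.3
"""

if __name__ == "__main__":
    for candidate in ("23.4R2", "24.4R2-S2", "24.4R2-S3", "25.2R1-S4", "25.2R2", "25.1R1"):
        print(f"{candidate:12} -> {assess(candidate)}")
    print(f"sample device -> {assess(junos_line(SAMPLE_SHOW_VERSION))}")
```

Feed `assess` the output of `show version` from each MX in scope and treat every `affected` result as an upgrade item; a `not in advisory ranges` result means the train is not covered by the advisory text and should be checked against the vendor's own guidance rather than assumed clean.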
Details
- CWE(s)