Juniper Junos OS up to 25.2R1 Packet Forwarding Engine infinite loop
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.3 | $0-$5k | 1.13 |
Summary
A vulnerability described as critical has been identified in Juniper Junos OS up to 23.2R2-S6/23.4R2-S7/24.2R2-S3/24.4R2-S2/25.2R1. Affected by this issue is some unknown functionality of the component Packet Forwarding Engine. Such manipulation leads to infinite loop. This vulnerability is uniquely identified as CVE-2026-33800. Local access is required to approach this attack. No exploit exists.
Details
A vulnerability was found in Juniper Junos OS up to 23.2R2-S6/23.4R2-S7/24.2R2-S3/24.4R2-S2/25.2R1 and classified as critical. Affected by this issue is an unknown code block of the component Packet Forwarding Engine. The manipulation with an unknown input leads to a infinite loop vulnerability. Using CWE to declare the problem leads to CWE-835. The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. Impacted is availability. CVE summarizes:
An Unchecked Input for Loop Condition vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).Micro-BFD session flaps generate respective up/down events which are queued by PFEMAN for processing. Especially in a Virtual-Chassis (VC) scenario with locality‑bias configured, processing takes a significant amount of time for each event. If these sessions keep flapping, new events are constantly added, and in turn PFEMAN never completes processing these events. This results in the PFEMAN watchdog timer expiring, which causes the FPC to crash and restart, representing a complete service outage. This issue only affects MX series FPCs up to and including MPC9. It does not affect MPC10/11, LC4800/9600 and MX304. This issue affects Junos OS on MX Series: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S8, * 24.2 versions before 24.2R2-S4, * 24.4 versions before 24.4R2-S3, * 25.2 versions before 25.2R2.
The advisory is shared for download at supportportal.juniper.net. This vulnerability is handled as CVE-2026-33800 since 03/23/2026. The exploitation is known to be easy. The attack needs to be approached locally. There are neither technical details nor an exploit publicly available.
Upgrading to version 23.2R2-S7, 23.4R2-S8, 24.2R2-S4, 24.4R2-S3 or 25.2R2 eliminates this vulnerability.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.juniper.net/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔒VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.5VulDB Meta Temp Score: 5.3
VulDB Base Score: 5.5
VulDB Temp Score: 5.3
VulDB Vector: 🔒
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploiting
Class: Infinite loopCWE: CWE-835 / CWE-404
CAPEC: 🔒
ATT&CK: 🔒
Physical: Partially
Local: Yes
Remote: No
Availability: 🔒
Status: Not defined
Price Prediction: 🔍
Current Price Estimation: 🔒
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: no mitigation knownStatus: 🔍
0-Day Time: 🔒
Upgrade: Junos OS 23.2R2-S7/23.4R2-S8/24.2R2-S4/24.4R2-S3/25.2R2
Timeline
03/23/2026 CVE reserved07/09/2026 Advisory disclosed
07/09/2026 VulDB entry created
07/09/2026 VulDB entry last update
Sources
Vendor: juniper.netAdvisory: supportportal.juniper.net
Status: Confirmed
CVE: CVE-2026-33800 (🔒)
GCVE (CVE): GCVE-0-2026-33800
GCVE (VulDB): GCVE-100-377312
Entry
Created: 07/09/2026 23:35Changes: 07/09/2026 23:35 (54)
Complete: 🔍
Cache ID: 216::103
VulDB is the best source for vulnerability data and more expert information about this specific topic.
No comments yet. Languages: en.
Please log in to comment.