Main Vulnerability Database Vulnerabilities #VU125558

#VU125558 Improper input validation in Junos OS - CVE-2026-33778

Published: April 9, 2026

Vulnerability identifier: #VU125558

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2026-33778

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Junos OS

Software vendor:
Juniper Networks, Inc.

Description

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper validation of syntactic correctness of input in the IPsec library used by kmd and iked when processing a specifically malformed first ISAKMP packet. A remote attacker can send a specifically malformed first ISAKMP packet to cause a denial of service.

Successful exploitation crashes and restarts the kmd/iked process, which momentarily prevents new security associations from being established. Repeated exploitation can prevent new VPN connections from being established.

Remediation

Install security update from vendor's website.

External links

https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-SRX-Series-MX-Series-When-a-specifically-malformed-first-ISAKMP-packet-is-received-kmd-iked-crashes-CVE-2026-33778

#VU125558 Improper input validation in Junos OS - CVE-2026-33778

Description

Remediation

External links

Please verify you're human