Fri, 10 Apr 2026
Juniper Networks patched nearly 36 vulnerabilities, including a critical default password flaw in Junos OS. The issue allows remote attackers to gain full access to devices.
Juniper Networks this week released patches for nearly three dozen vulnerabilities, including Junos OS and Junos OS Evolved bugs that could lead to privilege escalation, denial-of-service (DoS), and command execution. The most severe of the flaws is CVE-2026-33784 (CVSS score of 9.8), a default password in the Support Insights (JSI) Virtual Lightweight Collector (vLWC) that could be exploited remotely to take over a vulnerable device. "vLWC software images ship with an initial password for a high-privileged account. A change of this password is not enforced during the provisioning of the software, which can make full access to the system by unauthorized actors possible," Juniper Networks explains.
Juniper Networks also resolved a weak password issue in CTP OS that could allow remote, unauthenticated attackers to potentially take full control of the device. Tracked as CVE-2026-33771, the security defect exists because settings related to password complexity requirements are not saved, leading to the use of weak passwords that could be guessed and exploited. A high-severity SSH host key validation vulnerability in Juniper Networks Apstra could be abused in machine-in-the-middle (MITM) attacks to capture user credentials.