CVE-2026-33775 — MEDIUM (6.5)

Q: How severe is CVE-2026-33775?

CVE-2026-33775 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-33775?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Mx10004, Juniper Mx10008, Juniper Mx2008, Juniper Mx2010.

Vulnerability Description

A Missing Release of Memory after Effective Lifetime vulnerability in the BroadBand Edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). If the authentication packet-type option is configured and a received packet does not match that packet type, the memory leak occurs. When all memory available to bbe-smgd has been consumed, no new subscribers will be able to login. The memory utilization of bbe-smgd can be monitored with the following show command: user@host> show system processes extensive | match bbe-smgd The below log message can be observed when this limit has been reached: bbesmgd[<PID>]: %DAEMON-3-SMD_DPROF_RSMON_ERROR: Resource unavailability, Reason: Daemon Heap Memory exhaustion This issue affects Junos OS on MX Series: * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S5, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S2, * 24.4 versions before 24.4R2, * 25.2 versions before 25.2R2.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Juniper	Junos	< 22.4
Juniper	Mx10004	-
Juniper	Mx10008	-
Juniper	Mx2008	-
Juniper	Mx2010	-
Juniper	Mx2020	-
Juniper	Mx204	-
Juniper	Mx240	-
Juniper	Mx301	-
Juniper	Mx304	-
Juniper	Mx480	-
Juniper	Mx960	-

Related Weaknesses (CWE)

CWE-401

References

https://kb.juniper.net/JSA107821Vendor Advisory

FAQ

What is CVE-2026-33775?

CVE-2026-33775 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A Missing Release of Memory after Effective Lifetime vulnerability in the BroadBand Edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthent...

How severe is CVE-2026-33775?

CVE-2026-33775 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-33775?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Mx10004, Juniper Mx10008, Juniper Mx2008, Juniper Mx2010.