SpirityCVE

CVE-2026-33782 - Junos OS: MX Series: In specific DHCPv6 scenarios jdhcpd memory increases continuously with subscriber logouts

A Missing Release of Memory after Effective Lifetime vulnerability in the DHCP daemon (jdhcpd) of Juniper Networks Junos OS on MX Series, allows an adjacent, unauthenticated attacker to cause a memory leak, that will eventually cause a complete Denial-of-Service (DoS). In a DHCPv6 over PPPoE, or DHCPv6 over VLAN with Active lease query or Bulk lease query scenario, every subscriber logout will leak a small amount of memory. When all available memory has been exhausted, jdhcpd will crash and restart which causes a complete service impact until the process has recovered. The memory usage of jdhcpd can be monitored with: user@host> show system processes extensive | match jdhcpd This issue affects Junos OS: * all versions before 22.4R3-S1, * 23.2 versions before 23.2R2, * 23.4 versions before 23.4R2.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact Low

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Juniper	Junos Mx10004 Mx10008 Mx2008 Mx2010 Mx2020 Mx204 Mx240 Mx301 Mx304 Mx480 Mx960
Juniper Networks	Junos Os

Configuration 1 [-]

AND

OR	cpe:2.3:o:juniper:junos::::::::
	cpe:2.3:o:juniper:junos:22.4:-::::::
	cpe:2.3:o:juniper:junos:22.4:r1::::::
	cpe:2.3:o:juniper:junos:22.4:r1-s1::::::
	cpe:2.3:o:juniper:junos:22.4:r1-s2::::::
	cpe:2.3:o:juniper:junos:22.4:r2::::::
	cpe:2.3:o:juniper:junos:22.4:r2-s1::::::
	cpe:2.3:o:juniper:junos:22.4:r2-s2::::::
	cpe:2.3:o:juniper:junos:22.4:r3::::::
	cpe:2.3:o:juniper:junos:23.2:-::::::
	cpe:2.3:o:juniper:junos:23.2:r1::::::
	cpe:2.3:o:juniper:junos:23.2:r1-s1::::::
	cpe:2.3:o:juniper:junos:23.2:r1-s2::::::
	cpe:2.3:o:juniper:junos:23.4:-::::::
	cpe:2.3:o:juniper:junos:23.4:r1::::::
	cpe:2.3:o:juniper:junos:23.4:r1-s1::::::
	cpe:2.3:o:juniper:junos:23.4:r1-s2::::::

OR	cpe:2.3:h:juniper:mx10004:-:::::::*
	cpe:2.3:h:juniper:mx10008:-:::::::*
	cpe:2.3:h:juniper:mx2008:-:::::::*
	cpe:2.3:h:juniper:mx2010:-:::::::*
	cpe:2.3:h:juniper:mx2020:-:::::::*
	cpe:2.3:h:juniper:mx204:-:::::::*
	cpe:2.3:h:juniper:mx240:-:::::::*
	cpe:2.3:h:juniper:mx301:-:::::::*
	cpe:2.3:h:juniper:mx304:-:::::::*
	cpe:2.3:h:juniper:mx480:-:::::::*
	cpe:2.3:h:juniper:mx960:-:::::::*

No data.

References

Link	Providers
https://www.spirityenterprise.com/managed-detection-response
https://kb.juniper.net/JSA107820

History

Fri, 17 Apr 2026 17:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Juniper Juniper junos Juniper mx10004 Juniper mx10008 Juniper mx2008 Juniper mx2010 Juniper mx2020 Juniper mx204 Juniper mx240 Juniper mx301 Juniper mx304 Juniper mx480 Juniper mx960
CPEs		cpe:2.3:h:juniper:mx10004:-:::::::* cpe:2.3:h:juniper:mx10008:-:::::::* cpe:2.3:h:juniper:mx2008:-:::::::* cpe:2.3:h:juniper:mx2010:-:::::::* cpe:2.3:h:juniper:mx2020:-:::::::* cpe:2.3:h:juniper:mx204:-:::::::* cpe:2.3:h:juniper:mx240:-:::::::* cpe:2.3:h:juniper:mx301:-:::::::* cpe:2.3:h:juniper:mx304:-:::::::* cpe:2.3:h:juniper:mx480:-:::::::* cpe:2.3:h:juniper:mx960:-:::::::* cpe:2.3:o:juniper:junos:::::::: cpe:2.3:o:juniper:junos:22.4:-:::::: cpe:2.3:o:juniper:junos:22.4:r1-s1:::::: cpe:2.3:o:juniper:junos:22.4:r1-s2:::::: cpe:2.3:o:juniper:junos:22.4:r1:::::: cpe:2.3:o:juniper:junos:22.4:r2-s1:::::: cpe:2.3:o:juniper:junos:22.4:r2-s2:::::: cpe:2.3:o:juniper:junos:22.4:r2:::::: cpe:2.3:o:juniper:junos:22.4:r3:::::: cpe:2.3:o:juniper:junos:23.2:-:::::: cpe:2.3:o:juniper:junos:23.2:r1-s1:::::: cpe:2.3:o:juniper:junos:23.2:r1-s2:::::: cpe:2.3:o:juniper:junos:23.2:r1:::::: cpe:2.3:o:juniper:junos:23.4:-:::::: cpe:2.3:o:juniper:junos:23.4:r1-s1:::::: cpe:2.3:o:juniper:junos:23.4:r1-s2:::::: cpe:2.3:o:juniper:junos:23.4:r1::::::
Vendors & Products		Juniper Juniper junos Juniper mx10004 Juniper mx10008 Juniper mx2008 Juniper mx2010 Juniper mx2020 Juniper mx204 Juniper mx240 Juniper mx301 Juniper mx304 Juniper mx480 Juniper mx960

Mon, 13 Apr 2026 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 10 Apr 2026 09:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Juniper Networks Juniper Networks junos Os
Vendors & Products		Juniper Networks Juniper Networks junos Os

Thu, 09 Apr 2026 21:45:00 +0000

Type	Values Removed	Values Added
Description		A Missing Release of Memory after Effective Lifetime vulnerability in the DHCP daemon (jdhcpd) of Juniper Networks Junos OS on MX Series, allows an adjacent, unauthenticated attacker to cause a memory leak, that will eventually cause a complete Denial-of-Service (DoS). In a DHCPv6 over PPPoE, or DHCPv6 over VLAN with Active lease query or Bulk lease query scenario, every subscriber logout will leak a small amount of memory. When all available memory has been exhausted, jdhcpd will crash and restart which causes a complete service impact until the process has recovered. The memory usage of jdhcpd can be monitored with: user@host> show system processes extensive \| match jdhcpd This issue affects Junos OS: * all versions before 22.4R3-S1, * 23.2 versions before 23.2R2, * 23.4 versions before 23.4R2.
Title		Junos OS: MX Series: In specific DHCPv6 scenarios jdhcpd memory increases continuously with subscriber logouts
Weaknesses		CWE-401
References		https://kb.juniper.net/JSA107820
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}` cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/RE:M'}`

MITRE

Status: PUBLISHED

Assigner: juniper

Published: 2026-04-09T21:29:45.496Z

Updated: 2026-04-13T18:06:19.824Z

Reserved: 2026-03-23T19:46:13.669Z

Link: CVE-2026-33782

Vulnrichment

Updated: 2026-04-13T17:58:39.328Z

NVD

Status : Analyzed

Published: 2026-04-09T22:16:27.393

Modified: 2026-04-17T17:39:35.200

Link: CVE-2026-33782

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact Low

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object