Back to CVE List

CVE-2026-33794

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
5.9 / 10
Vector String
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Description

An Improper Check for Unusual or Exceptional Conditions vulnerability in the

advanced forwarding toolkit (evo-aftmand)

of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated network-based attacker generating continuous routing updates, resulting in unilist ECMP routes, to crash the

evo-aftmand process on the PFE, leading to a Denial-of-Service (DoS). The conditions required for successful exploitation are based on a sequence of events that are outside an attacker's direct control.

Unified list (unilist) ECMP routes are a specific ECMP behavior where multiple equal-cost routes share a single logical next-hop list entry. The router treats them as one route with multiple next hops and load balances traffic across that unified list. Due to an issue processing unilist ECMP routing updates, internal state corruption may occur, especially in large-scale ECMP unilist deployments, leading to the evo-aftmand process crashing, resulting in an evo-aftmand-bx core. Manual intervention is required to recover by rebooting the system or restarting the FPC.

This issue affects Junos OS Evolved on PTX :


* from 24.4R2-EVO before 24.4R2-S3-EVO;
* from 25.2 before 25.2R2-EVO.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-754
Source
NVD
Vendor
Juniper Networks
Product
Junos OS Evolved

External References

Discussion (0)

Add Comment

No comments yet. Be the first!