{"api_version":"1","generated_at":"2026-04-19T08:44:48+00:00","cve":"CVE-2026-33780","urls":{"html":"https://cve.report/CVE-2026-33780","api":"https://cve.report/api/cve/CVE-2026-33780.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-33780","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-33780"},"summary":{"title":"Junos OS and Junos OS Evolved: In an EVPN-MPLS scenario churn of ESI routes causes a memory leak in l2ald","description":"A Missing Release of Memory after Effective Lifetime vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a memory leak ultimately leading to a Denial of Service (DoS).\n\n\n\nIn an EVPN-MPLS scenario, routes learned from remote multi-homed Provider Edge (PE) devices are programmed as ESI routes. Due to a logic issue in the l2ald memory management, memory allocated for these routes is not released when there is churn for these routes. As a result, memory leaks in the l2ald process which will ultimately lead to a crash and restart of l2ald.\n\nUse the following command to monitor the memory consumption by l2ald:\n\nuser@device> show system process extensive | match \"PID|l2ald\" \n\n\n\nThis issue affects:\n\nJunos OS:\n\n\n\n * all versions before 22.4R3-S5,\n * 23.2 versions before 23.2R2-S3,\n * 23.4 versions before 23.4R2-S4,\n * 24.2 versions before 24.2R2;\n\n\n\n\nJunos OS Evolved:\n\n\n\n * all versions before 22.4R3-S5-EVO,\n * 23.2 versions before 23.2R2-S3-EVO,\n * 23.4 versions before 23.4R2-S4-EVO,\n * 24.2 versions before 24.2R2-EVO.","state":"PUBLISHED","assigner":"juniper","published_at":"2026-04-09 22:16:26","updated_at":"2026-04-17 17:59:50"},"problem_types":["CWE-401","CWE-401 CWE-401 Missing Release of Memory after Effective Lifetime"],"metrics":[{"version":"4.0","source":"sirt@juniper.net","type":"Secondary","score":"7.1","severity":"HIGH","vector":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"NOT_DEFINED"}},{"version":"4.0","source":"CNA","type":"CVSS","score":"7.1","severity":"HIGH","vector":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/RE:M","data":{"Automatable":"YES","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"ADJACENT","baseScore":7.1,"baseSeverity":"HIGH","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/RE:M","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"MODERATE"}},{"version":"3.1","source":"sirt@juniper.net","type":"Primary","score":"6.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"6.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","data":{"attackComplexity":"LOW","attackVector":"ADJACENT_NETWORK","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}}],"references":[{"url":"https://kb.juniper.net/JSA107819","name":"https://kb.juniper.net/JSA107819","refsource":"sirt@juniper.net","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-33780","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33780","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Juniper Networks","product":"Junos OS","version":"affected 22.4R3-S5 semver","platforms":[]},{"source":"CNA","vendor":"Juniper Networks","product":"Junos OS","version":"affected 23.2 23.2R2-S3 semver","platforms":[]},{"source":"CNA","vendor":"Juniper Networks","product":"Junos OS","version":"affected 23.4 23.4R2-S4 semver","platforms":[]},{"source":"CNA","vendor":"Juniper Networks","product":"Junos OS","version":"affected 24.2 24.2R2 semver","platforms":[]},{"source":"CNA","vendor":"Juniper Networks","product":"Junos OS Evolved","version":"affected all version prior to 22.4R3-S5-EVO semver","platforms":[]},{"source":"CNA","vendor":"Juniper Networks","product":"Junos OS Evolved","version":"affected 23.2 23.2R2-S3-EVO semver","platforms":[]},{"source":"CNA","vendor":"Juniper Networks","product":"Junos OS Evolved","version":"affected 23.4 23.4R2-S4-EVO semver","platforms":[]},{"source":"CNA","vendor":"Juniper Networks","product":"Junos OS Evolved","version":"affected 24.2 24.2R2-EVO semver","platforms":[]}],"timeline":[],"solutions":[{"source":"CNA","title":"","value":"The following software releases have been updated to resolve this specific issue: \nJunos OS Evolved: 22.4R3-S5-EVO, 23.2R2-S3-EVO, 23.4R2-S4-EVO, 24.2R2-EVO, 24.4R1-EVO, and all subsequent releases;\nJunos OS: 22.4R3-S5, 23.2R2-S3, 23.4R2-S4, 24.2R2, 24.4R1, and all subsequent releases.","time":"","lang":"en"}],"workarounds":[{"source":"CNA","title":"","value":"There are no known workarounds for this issue.","time":"","lang":"en"}],"exploits":[{"source":"CNA","title":"","value":"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.","time":"","lang":"en"}],"credits":[],"nvd_cpes":[{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos","cpe6":"22.4","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos","cpe6":"22.4","cpe7":"r1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos","cpe6":"22.4","cpe7":"r1-s1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos","cpe6":"22.4","cpe7":"r1-s2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos","cpe6":"22.4","cpe7":"r2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos","cpe6":"22.4","cpe7":"r2-s1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos","cpe6":"22.4","cpe7":"r2-s2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos","cpe6":"22.4","cpe7":"r3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos","cpe6":"22.4","cpe7":"r3-s1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos","cpe6":"22.4","cpe7":"r3-s2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos","cpe6":"22.4","cpe7":"r3-s3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos","cpe6":"22.4","cpe7":"r3-s4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos","cpe6":"23.2","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos","cpe6":"23.2","cpe7":"r1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos","cpe6":"23.2","cpe7":"r1-s1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos","cpe6":"23.2","cpe7":"r1-s2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos","cpe6":"23.2","cpe7":"r2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos","cpe6":"23.2","cpe7":"r2-s1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos","cpe6":"23.2","cpe7":"r2-s2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos","cpe6":"23.4","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos","cpe6":"23.4","cpe7":"r1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos","cpe6":"23.4","cpe7":"r1-s1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos","cpe6":"23.4","cpe7":"r1-s2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos","cpe6":"23.4","cpe7":"r2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos","cpe6":"23.4","cpe7":"r2-s1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos","cpe6":"23.4","cpe7":"r2-s2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos","cpe6":"23.4","cpe7":"r2-s3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos","cpe6":"24.2","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos","cpe6":"24.2","cpe7":"r1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos","cpe6":"24.2","cpe7":"r1-s1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos","cpe6":"24.2","cpe7":"r1-s2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos_os_evolved","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos_os_evolved","cpe6":"22.4","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos_os_evolved","cpe6":"22.4","cpe7":"r1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos_os_evolved","cpe6":"22.4","cpe7":"r1-s1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos_os_evolved","cpe6":"22.4","cpe7":"r1-s2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos_os_evolved","cpe6":"22.4","cpe7":"r2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos_os_evolved","cpe6":"22.4","cpe7":"r2-s1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos_os_evolved","cpe6":"22.4","cpe7":"r2-s2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos_os_evolved","cpe6":"22.4","cpe7":"r3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos_os_evolved","cpe6":"22.4","cpe7":"r3-s1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos_os_evolved","cpe6":"22.4","cpe7":"r3-s2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos_os_evolved","cpe6":"22.4","cpe7":"r3-s3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos_os_evolved","cpe6":"22.4","cpe7":"r3-s4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos_os_evolved","cpe6":"23.2","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos_os_evolved","cpe6":"23.2","cpe7":"r1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos_os_evolved","cpe6":"23.2","cpe7":"r1-s1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos_os_evolved","cpe6":"23.2","cpe7":"r1-s2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos_os_evolved","cpe6":"23.2","cpe7":"r2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos_os_evolved","cpe6":"23.2","cpe7":"r2-s1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos_os_evolved","cpe6":"23.2","cpe7":"r2-s2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos_os_evolved","cpe6":"23.4","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos_os_evolved","cpe6":"23.4","cpe7":"r1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos_os_evolved","cpe6":"23.4","cpe7":"r1-s1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos_os_evolved","cpe6":"23.4","cpe7":"r1-s2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos_os_evolved","cpe6":"23.4","cpe7":"r2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos_os_evolved","cpe6":"23.4","cpe7":"r2-s1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos_os_evolved","cpe6":"23.4","cpe7":"r2-s2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos_os_evolved","cpe6":"23.4","cpe7":"r2-s3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos_os_evolved","cpe6":"24.2","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos_os_evolved","cpe6":"24.2","cpe7":"r1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"33780","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"juniper","cpe5":"junos_os_evolved","cpe6":"24.2","cpe7":"r1-s2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"33780","cve":"CVE-2026-33780","epss":"0.000200000","percentile":"0.052060000","score_date":"2026-04-18","updated_at":"2026-04-19 00:10:43"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-33780","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-04-13T17:39:43.706961Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-04-13T18:06:19.950Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Junos OS","vendor":"Juniper Networks","versions":[{"lessThan":"22.4R3-S5","status":"affected","version":"0","versionType":"semver"},{"lessThan":"23.2R2-S3","status":"affected","version":"23.2","versionType":"semver"},{"lessThan":"23.4R2-S4","status":"affected","version":"23.4","versionType":"semver"},{"lessThan":"24.2R2","status":"affected","version":"24.2","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Junos OS Evolved","vendor":"Juniper Networks","versions":[{"lessThan":"22.4R3-S5-EVO","status":"affected","version":"all version prior to","versionType":"semver"},{"lessThan":"23.2R2-S3-EVO","status":"affected","version":"23.2","versionType":"semver"},{"lessThan":"23.4R2-S4-EVO","status":"affected","version":"23.4","versionType":"semver"},{"lessThan":"24.2R2-EVO","status":"affected","version":"24.2","versionType":"semver"}]}],"configurations":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"To be exposed to this issue the device must be configured for EVPN-MPLS. Refer to product documentation for how to configure EVPN-MPLS as there are different configuration options.\n\n "}],"value":"To be exposed to this issue the device must be configured for EVPN-MPLS. Refer to product documentation for how to configure EVPN-MPLS as there are different configuration options."}],"datePublic":"2026-04-08T16:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"A Missing Release of Memory after Effective Lifetime vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a memory leak ultimately leading to a Denial of Service (DoS).
\n\nIn an EVPN-MPLS scenario, routes learned from remote multi-homed Provider Edge (PE) devices are programmed as ESI routes. Due to a logic issue in the l2ald memory management, memory allocated for these routes is not released when there is churn for these routes. As a result, memory leaks in the l2ald process which will ultimately lead to a crash and restart of l2ald.
Use the following command to monitor the memory consumption by l2ald:
user@device> show system process extensive | match \"PID|l2ald\" \n\n
This issue affects:
Junos OS:
all versions before 22.4R3-S5,
23.2 versions before 23.2R2-S3,
23.4 versions before 23.4R2-S4,
24.2 versions before 24.2R2;
Junos OS Evolved:
all versions before 22.4R3-S5-EVO,
23.2 versions before 23.2R2-S3-EVO,
23.4 versions before 23.4R2-S4-EVO,
24.2 versions before 24.2R2-EVO.
"}],"value":"A Missing Release of Memory after Effective Lifetime vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a memory leak ultimately leading to a Denial of Service (DoS).\n\n\n\nIn an EVPN-MPLS scenario, routes learned from remote multi-homed Provider Edge (PE) devices are programmed as ESI routes. Due to a logic issue in the l2ald memory management, memory allocated for these routes is not released when there is churn for these routes. As a result, memory leaks in the l2ald process which will ultimately lead to a crash and restart of l2ald.\n\nUse the following command to monitor the memory consumption by l2ald:\n\nuser@device> show system process extensive | match \"PID|l2ald\" \n\n\n\nThis issue affects:\n\nJunos OS:\n\n\n\n * all versions before 22.4R3-S5,\n * 23.2 versions before 23.2R2-S3,\n * 23.4 versions before 23.4R2-S4,\n * 24.2 versions before 24.2R2;\n\n\n\n\nJunos OS Evolved:\n\n\n\n * all versions before 22.4R3-S5-EVO,\n * 23.2 versions before 23.2R2-S3-EVO,\n * 23.4 versions before 23.4R2-S4-EVO,\n * 24.2 versions before 24.2R2-EVO."}],"exploits":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}],"value":"Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"ADJACENT_NETWORK","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]},{"cvssV4_0":{"Automatable":"YES","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"ADJACENT","baseScore":7.1,"baseSeverity":"HIGH","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/RE:M","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"MODERATE"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-401","description":"CWE-401 Missing Release of Memory after Effective Lifetime","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-09T21:29:20.534Z","orgId":"8cbe9d5a-a066-4c94-8978-4b15efeae968","shortName":"juniper"},"references":[{"tags":["vendor-advisory"],"url":"https://kb.juniper.net/JSA107819"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"The following software releases have been updated to resolve this specific issue: Junos OS Evolved: 22.4R3-S5-EVO, 23.2R2-S3-EVO, 23.4R2-S4-EVO, 24.2R2-EVO, 24.4R1-EVO, and all subsequent releases; Junos OS: 22.4R3-S5, 23.2R2-S3, 23.4R2-S4, 24.2R2, 24.4R1, and all subsequent releases."}],"value":"The following software releases have been updated to resolve this specific issue: \nJunos OS Evolved: 22.4R3-S5-EVO, 23.2R2-S3-EVO, 23.4R2-S4-EVO, 24.2R2-EVO, 24.4R1-EVO, and all subsequent releases;\nJunos OS: 22.4R3-S5, 23.2R2-S3, 23.4R2-S4, 24.2R2, 24.4R1, and all subsequent releases."}],"source":{"advisory":"JSA107819","defect":["1824956"],"discovery":"USER"},"title":"Junos OS and Junos OS Evolved: In an EVPN-MPLS scenario churn of ESI routes causes a memory leak in l2ald","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"There are no known workarounds for this issue."}],"value":"There are no known workarounds for this issue."}],"x_generator":{"engine":"Vulnogram 0.1.0-dev"}}},"cveMetadata":{"assignerOrgId":"8cbe9d5a-a066-4c94-8978-4b15efeae968","assignerShortName":"juniper","cveId":"CVE-2026-33780","datePublished":"2026-04-09T21:29:20.534Z","dateReserved":"2026-03-23T19:46:13.669Z","dateUpdated":"2026-04-13T18:06:19.950Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-04-09 22:16:26","lastModifiedDate":"2026-04-17 17:59:50","problem_types":["CWE-401","CWE-401 CWE-401 Missing Release of Memory after Effective Lifetime"],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*","versionEndExcluding":"22.4","matchCriteriaId":"57F66641-003B-49D6-A9B9-AB300CFE3C93"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:22.4:-:*:*:*:*:*:*","matchCriteriaId":"1379EF30-AF04-4F98-8328-52A631F24737"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*","matchCriteriaId":"28E42A41-7965-456B-B0AF-9D3229CE4D4C"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*","matchCriteriaId":"CB1A77D6-D3AD-481B-979C-8F778530B175"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*","matchCriteriaId":"3A064B6B-A99B-4D8D-A62D-B00C7870BC30"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:22.4:r2:*:*:*:*:*:*","matchCriteriaId":"40813417-A938-4F74-A419-8C5188A35486"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:22.4:r2-s1:*:*:*:*:*:*","matchCriteriaId":"7FC1BA1A-DF0E-4B15-86BA-24C60E546732"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:22.4:r2-s2:*:*:*:*:*:*","matchCriteriaId":"EBB967BF-3495-476D-839A-9DBFCBE69F91"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:22.4:r3:*:*:*:*:*:*","matchCriteriaId":"7E5688D6-DCA4-4550-9CD1-A3D792252129"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:22.4:r3-s1:*:*:*:*:*:*","matchCriteriaId":"8494546C-00EA-49B6-B6FA-FDE42CA5B1FA"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:22.4:r3-s2:*:*:*:*:*:*","matchCriteriaId":"8BB98579-FA33-4E41-A162-A46E9709FBD3"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:22.4:r3-s3:*:*:*:*:*:*","matchCriteriaId":"08E2562F-FB18-4347-8497-7D61B8157EBB"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:22.4:r3-s4:*:*:*:*:*:*","matchCriteriaId":"494D1D96-1DA2-4B0A-9536-1B5A4FDFCA09"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:-:*:*:*:*:*:*","matchCriteriaId":"1A78CC80-E8B1-4CDA-BB35-A61833657FA7"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r1:*:*:*:*:*:*","matchCriteriaId":"4B3B2FE1-C228-46BE-AC76-70C2687050AE"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r1-s1:*:*:*:*:*:*","matchCriteriaId":"F1B16FF0-900F-4AEE-B670-A537139F6909"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r1-s2:*:*:*:*:*:*","matchCriteriaId":"B227E831-30FF-4BE1-B8B2-31829A5610A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2:*:*:*:*:*:*","matchCriteriaId":"1ADA814B-EF98-45B1-AF7A-0C89688F7CA5"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s1:*:*:*:*:*:*","matchCriteriaId":"A6FB32DF-D062-4FB9-8777-452978BEC7B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.2:r2-s2:*:*:*:*:*:*","matchCriteriaId":"B3B6C811-5C10-4486-849D-5559B592350A"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:-:*:*:*:*:*:*","matchCriteriaId":"78481ABC-3620-410D-BC78-334657E0BB75"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r1:*:*:*:*:*:*","matchCriteriaId":"BE8A5BA3-87BD-473A-B229-2AAB2C797005"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r1-s1:*:*:*:*:*:*","matchCriteriaId":"8B74AC3E-8FC9-400A-A176-4F7F21F10756"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r1-s2:*:*:*:*:*:*","matchCriteriaId":"CB2D1FCE-8019-4CE1-BA45-D62F91AF7B51"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2:*:*:*:*:*:*","matchCriteriaId":"175CCB13-76C0-44A4-A71D-41E22B92EB23"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s1:*:*:*:*:*:*","matchCriteriaId":"166BFDB3-1945-4949-BC2B-E18442FF2E4D"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s2:*:*:*:*:*:*","matchCriteriaId":"5923610F-878C-48CA-8B5D-9C609E4DD4DB"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:23.4:r2-s3:*:*:*:*:*:*","matchCriteriaId":"A7C207E3-0252-4192-8E8C-E2ED2831B4F4"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:-:*:*:*:*:*:*","matchCriteriaId":"89524D6D-0B22-4952-AD8E-8072C5A05D5C"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r1:*:*:*:*:*:*","matchCriteriaId":"AD69A194-1B03-44EA-8092-79BD10C6F729"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r1-s1:*:*:*:*:*:*","matchCriteriaId":"8463ADB4-B8A7-4D63-97A9-232ED713A21C"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos:24.2:r1-s2:*:*:*:*:*:*","matchCriteriaId":"FE68337F-106E-4317-A5B6-292B0159F577"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*","versionEndExcluding":"22.4","matchCriteriaId":"A9925263-E7B7-49AA-8271-AF320F355B80"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:22.4:-:*:*:*:*:*:*","matchCriteriaId":"0A33C425-921F-4795-B834-608C8F1597E0"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:22.4:r1:*:*:*:*:*:*","matchCriteriaId":"93887799-F62C-4A4A-BCF5-004D0B4D4154"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1:*:*:*:*:*:*","matchCriteriaId":"62C473D2-2612-4480-82D8-8A24D0687BBD"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2:*:*:*:*:*:*","matchCriteriaId":"7FB4C5CA-A709-4B13-A9E0-372098A72AD3"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:22.4:r2:*:*:*:*:*:*","matchCriteriaId":"04CE952D-E3C1-4B34-9E65-EC52BFE887AB"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s1:*:*:*:*:*:*","matchCriteriaId":"8AE9D1A7-4721-4E1D-B965-FDC38126B1DD"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s2:*:*:*:*:*:*","matchCriteriaId":"A8643AA3-29EF-48A7-B033-CB60988E214B"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:22.4:r3:*:*:*:*:*:*","matchCriteriaId":"9800BA03-E6BF-4212-B2E7-69C0FD27D294"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s1:*:*:*:*:*:*","matchCriteriaId":"ACCA655D-C542-44F1-B183-4C864CFF2D4F"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s2:*:*:*:*:*:*","matchCriteriaId":"6D499B19-A91A-4B76-B1CB-6A07A4CB212B"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s3:*:*:*:*:*:*","matchCriteriaId":"B6B2830C-26EE-446E-B0C3-B5E43AD897B8"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s4:*:*:*:*:*:*","matchCriteriaId":"1C7367E6-B491-4A1F-B9D7-BC86A15A0773"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.2:-:*:*:*:*:*:*","matchCriteriaId":"6DEAA7FD-385F-4221-907E-65ABC16BE4BE"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.2:r1:*:*:*:*:*:*","matchCriteriaId":"DDEC008A-3137-48D1-8ABC-6DB0EFC40E50"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s1:*:*:*:*:*:*","matchCriteriaId":"558D234D-BC50-415F-86D6-8E19D6C3ACE0"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s2:*:*:*:*:*:*","matchCriteriaId":"33F4EEEE-77E9-4973-A770-99E7BA2F05F5"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.2:r2:*:*:*:*:*:*","matchCriteriaId":"A4BB6910-B994-45FD-8153-5EC00EE842E6"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s1:*:*:*:*:*:*","matchCriteriaId":"D657944B-2066-4F2C-BC92-EDF4DE1C165C"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s2:*:*:*:*:*:*","matchCriteriaId":"75A58924-6348-44CF-AB39-1FCE17FE81AC"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:-:*:*:*:*:*:*","matchCriteriaId":"9D7F0D73-85EE-4A07-B51B-6BF52ECBA75E"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r1:*:*:*:*:*:*","matchCriteriaId":"FE777A1F-9CD9-426E-AF1C-FBE01EB9A4A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r1-s1:*:*:*:*:*:*","matchCriteriaId":"7147BA60-30A5-4CED-9AAF-F6BEA0528B89"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r1-s2:*:*:*:*:*:*","matchCriteriaId":"6E5CE59B-14B2-4F4C-81B5-0430EC954956"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r2:*:*:*:*:*:*","matchCriteriaId":"FB82B22F-9005-4EF0-A1E3-4261757783D4"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s1:*:*:*:*:*:*","matchCriteriaId":"0224D3F1-8B86-432C-8F5B-B4B7B69ADF31"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s2:*:*:*:*:*:*","matchCriteriaId":"EB2FE5FE-0ADE-406E-A23D-FDCC104B2496"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s3:*:*:*:*:*:*","matchCriteriaId":"2E58987A-D7B7-4FFF-9969-E8FD76AE2BE3"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.2:-:*:*:*:*:*:*","matchCriteriaId":"0DD89AAD-C615-42AF-B8AF-E6067862F0F5"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.2:r1:*:*:*:*:*:*","matchCriteriaId":"28AFF11D-E418-4A76-B557-F60622602537"},{"vulnerable":true,"criteria":"cpe:2.3:o:juniper:junos_os_evolved:24.2:r1-s2:*:*:*:*:*:*","matchCriteriaId":"0A86A69D-2B90-4B3B-A6EC-88358284787D"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"33780","Ordinal":"1","Title":"Junos OS and Junos OS Evolved: In an EVPN-MPLS scenario churn of","CVE":"CVE-2026-33780","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"33780","Ordinal":"1","NoteData":"A Missing Release of Memory after Effective Lifetime vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a memory leak ultimately leading to a Denial of Service (DoS).\n\n\n\nIn an EVPN-MPLS scenario, routes learned from remote multi-homed Provider Edge (PE) devices are programmed as ESI routes. Due to a logic issue in the l2ald memory management, memory allocated for these routes is not released when there is churn for these routes. As a result, memory leaks in the l2ald process which will ultimately lead to a crash and restart of l2ald.\n\nUse the following command to monitor the memory consumption by l2ald:\n\nuser@device> show system process extensive | match \"PID|l2ald\" \n\n\n\nThis issue affects:\n\nJunos OS:\n\n\n\n * all versions before 22.4R3-S5,\n * 23.2 versions before 23.2R2-S3,\n * 23.4 versions before 23.4R2-S4,\n * 24.2 versions before 24.2R2;\n\n\n\n\nJunos OS Evolved:\n\n\n\n * all versions before 22.4R3-S5-EVO,\n * 23.2 versions before 23.2R2-S3-EVO,\n * 23.4 versions before 23.4R2-S4-EVO,\n * 24.2 versions before 24.2R2-EVO.","Type":"Description","Title":"Junos OS and Junos OS Evolved: In an EVPN-MPLS scenario churn of"}]}}}