CVE-2026-33794 PUBLISHED

Junos OS Evolved: PTX Series: Receipt of repeated ECMP routing updates results in PFE crash

Assigner: juniper
Reserved: 23.03.2026 Published: 09.07.2026 Updated: 10.07.2026

An Improper Check for Unusual or Exceptional Conditions vulnerability in the

advanced forwarding toolkit (evo-aftmand)

of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated network-based attacker generating continuous routing updates, resulting in unilist ECMP routes, to crash the

evo-aftmand process on the PFE, leading to a Denial-of-Service (DoS). The conditions required for successful exploitation are based on a sequence of events that are outside an attacker's direct control.

Unified list (unilist) ECMP routes are a specific ECMP behavior where multiple equal-cost routes share a single logical next-hop list entry. The router treats them as one route with multiple next hops and load balances traffic across that unified list. Due to an issue processing unilist ECMP routing updates, internal state corruption may occur, especially in large-scale ECMP unilist deployments, leading to the evo-aftmand process crashing, resulting in an evo-aftmand-bx core. Manual intervention is required to recover by rebooting the system or restarting the FPC.

This issue affects Junos OS Evolved on PTX :

  • from 24.4R2-EVO before 24.4R2-S3-EVO;
  • from 25.2 before 25.2R2-EVO.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/V:C/RE:M/U:Green
CVSS Score: 8.2

Product Status

Vendor Juniper Networks
Product Junos OS Evolved
Versions Default: unaffected
  • affected from 24.4R2-EVO to 24.4R2-S3-EVO (excl.)
  • affected from 25.2 to 25.2R2, 25.2R2-EVO (excl.)

Affected Configurations

This issue requires ECMP load balancing to be enabled. For example:

[ policy-options policy-statement <name> term 1 then load-balance per-packet ] [ routing-options forwarding-table export <name> ]

Exploits

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

Workarounds

There are no known workarounds for this issue.

Solutions

The following software releases have been updated to resolve this specific issue: Junos OS Evolved: 24.4R2-S3-EVO, 25.2R2-EVO, 25.4R1-EVO, and all subsequent releases.

References

Problem Types

  • CWE-754 Improper Check for Unusual or Exceptional Conditions CWE