Home / Vulnerability Intelligence / CVE-2026-33784

CVE-2026-33784 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: April 9, 2026

Juniper Networks Support Insights Virtual Lightweight Collector - Authentication Bypass

Published: April 9, 2026Updated: April 9, 2026Remote Exploitable

Overview

Juniper Networks Support Insights Virtual Lightweight Collector (vLWC) < 3.0.94 contains a use of default password vulnerability caused by an initial high privileged account password not being enforced to change, letting unauthenticated network attackers take full control of the device, exploit requires default password unchanged.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 4.1%(Probability of exploitation in next 30 days)

Impact

Unauthenticated attackers can gain full control of the device, leading to complete system compromise.

Mitigation

Update to version 3.0.94 or later.

References

https://kb.juniper.net/JSA107871

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Apr 10, 2026

🔴 CVE-2026-33784 - Critical (9.8) A Use of Default Password vulnerability in the Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows an unauthenticated, network-based attacker to take full control of the device. vLWC software images ship with a... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33784/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-33784
Severity: Critical
CVSS Score: 9.8
Type: broken_authentication
Status: new
EPSS: 4.1%
Social Posts: 1

CWE

CWE-1393

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

4.1%Probability of exploitation in the next 30 days