CVE-2026-33784 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: April 9, 2026
Juniper Networks Support Insights Virtual Lightweight Collector - Authentication Bypass
Published: April 9, 2026Updated: April 9, 2026Remote Exploitable
Overview
Juniper Networks Support Insights Virtual Lightweight Collector (vLWC) < 3.0.94 contains a use of default password vulnerability caused by an initial high privileged account password not being enforced to change, letting unauthenticated network attackers take full control of the device, exploit requires default password unchanged.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Unauthenticated attackers can gain full control of the device, leading to complete system compromise.
Mitigation
Update to version 3.0.94 or later.
References
Related Resources
Details
- CVE ID
- CVE-2026-33784
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- broken_authentication
- Status
- new
CWE
- CWE-1393
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H