CVE-2026-33784CRITICAL 9.8EPSS p36.1%

CVE-2026-33784CVE-2026-33784

Description

A Use of Default Password vulnerability in the Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows an unauthenticated, network-based attacker to take full control of the device. vLWC software images ship with an initial password for a high privileged account. A change of this password is not enforced during the provisioning of the software, which can make full access to the system by unauthorized actors possible.This issue affects all versions of vLWC before 3.0.94.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.46% probability of exploitation · percentile 36.1% · 2026-06-19T12:03:05Z
Published2026-04-09
Last modified2026-04-13

Underlying weaknesses· 1

CWE-1393

References

  1. https://kb.juniper.net/JSA107871

1

TypeTargetConfidenceTier
WeaknessUse of Default Passwordcwe-13930%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-8310
CVE
CVE-2026-33785
CVE
CVE-2026-22910
CVE
CVE-2026-7365
CVE
CVE-2026-35075
CVE
CVE-2025-27638
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.