CVE-2026-33784

JSI Virtual Lightweight Collector: Default password is not required to be changed which allows unauthorized high-privileged access

Description

A Use of Default Password vulnerability in the Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows an unauthenticated, network-based attacker to take full control of the device. vLWC software images ship with an initial password for a high privileged account. A change of this password is not enforced during the provisioning of the software, which can make full access to the system by unauthorized actors possible.This issue affects all versions of vLWC before 3.0.94.

INFO

Published Date :

2026-04-09T21:36:37.519Z

Last Modified :

2026-04-09T21:36:37.519Z

Source :

juniper

AFFECTED PRODUCTS

The following products are affected by CVE-2026-33784 vulnerability.

Vendors	Products
Juniper Networks	Jsi Lwc

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-33784.

URL	Resource
https://kb.juniper.net/JSA107871

CVSS Vulnerability Scoring System

V4
V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact