What is CVE-2026-7473?
On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a destination IP matching its configured decapsulation IP. This occurs because the switch does not verify the tunnel protocol type, potentially leading to the unexpected processing of non-configured tunnel traffic. This issue has been reported as being exploited in the wild.
CISA Known Exploited Vulnerability
Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability
Affected product
Arista Extensible Operating System
NVD also lists CPE entries for: Arista Eos, Arista 7020sr-24c2, Arista 7020sr-32c2, Arista 7020srg-24c2, Arista 7020tr-48
Remediation Steps
- Apply the vendor security patch from Arista Networks
- Verify patch deployment across all affected EOS instances
- Monitor network device logs for suspicious activity
- Coordinate patching during maintenance windows to minimize service disruption
References
- https://www.arista.com/en/support/advisories-notices/security-advisory/24005-security-advisory-0137
- https://www.arista.com/en/support/advisories-notices/security-advisory/22872-security-advisory-0137
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-7473
- https://nvd.nist.gov/vuln/detail/CVE-2026-7473
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Coverage on defend.network
- Vulnerability Priority Report – Week 2 of June 2026 (June 8 – 14)