PatchSiren cyber security CVE debrief

CVE-2026-7473 Arista Networks CVE debrief

CVE-2026-7473 is a vulnerability in Arista EOS: when a tunnel decapsulation configuration is present, the switch may incorrectly decapsulate and forward unexpected tunneled packets whose destination IP matches its configured decapsulation IP. This occurs because the switch does not verify the tunnel protocol type, so tunnel traffic of a type that was never configured can be processed. The vulnerability has a CVSS score of 6.9 and is rated Medium severity. It has been reported as being exploited in the wild.

Vendor: Arista Networks
Product: EOS
CVSS: MEDIUM 6.9
CISA KEV: Listed
Original CVE published: 2026-06-09
Original CVE updated: 2026-06-09
Advisory published: 2026-06-09
Advisory updated: 2026-06-09

Who should care

Administrators and users of Arista EOS, particularly those with tunnel decapsulation configurations such as VXLAN, decap-groups, or GRE tunnel interfaces.

Technical summary

The vulnerability is caused by Arista EOS not verifying the tunnel protocol type of packets addressed to a configured decapsulation IP, which allows tunneled packets of an unconfigured type to be decapsulated and forwarded. The affected code is present in multiple Arista products.

Defensive priority

High

Recommended defensive actions

  • Apply the patches or updates provided by Arista for this vulnerability.
  • Review tunnel decapsulation configurations (VXLAN, decap-groups, GRE tunnel interfaces) and confirm that each decapsulation IP only receives the tunnel type it was configured for.
  • Monitor network traffic to configured decapsulation IPs for packets whose outer encapsulation does not match the configured tunnel type.
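The monitoring step above can be turned into a simple check over exported flow records. The following is an added example, not PatchSiren's or Arista's code: given a constructed map of decapsulation IPs to their configured tunnel type, it flags traffic to those IPs whose outer encapsulation does not match (VXLAN is expected on UDP/4789, GRE as IP protocol 47). The flow record format and all addresses are constructed for the example.

```python
# Added example (not from the advisory or from Arista): flag packets addressed to a
# configured decapsulation IP whose outer encapsulation is not the configured tunnel
# type. Decap config, flow format and addresses below are constructed.
from dataclasses import dataclass
from typing import Optional, Dict, List

# Well-known outer encapsulations: VXLAN uses UDP destination port 4789 by default,
# GRE is carried directly as IP protocol 47 (no port). Assumption: default ports.
EXPECTED_ENCAP = {"vxlan": ("udp", 4789), "gre": ("gre", None)}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str            # outer IP protocol name: "udp", "tcp", "gre", ...
    dport: Optional[int]  # destination port, None for port-less protocols


def parse_flow(line: str) -> Flow:
    """Parse a constructed flow record: 'src dst proto dport' ('-' = no port)."""
    src, dst, proto, dport = line.split()
    return Flow(src, dst, proto.lower(), None if dport == "-" else int(dport))


def find_unexpected_tunnel_traffic(decap_config: Dict[str, str],
                                   lines: List[str]) -> List[Flow]:
    """Return flows sent to a configured decap IP with a non-matching encapsulation.

    decap_config maps decapsulation IP -> configured tunnel type ("vxlan"/"gre").
    Traffic to addresses that are not decap IPs is ignored.
    """
    findings = []
    for line in lines:
        flow = parse_flow(line)
        tunnel = decap_config.get(flow.dst)
        if tunnel is None:
            continue
        proto, port = EXPECTED_ENCAP[tunnel]
        if flow.proto != proto or (port is not None and flow.dport != port):
            findings.append(flow)
    return findings


# Constructed sample data: two decap IPs and five flow records.
SAMPLE_CONFIG = {"198.51.100.10": "vxlan", "198.51.100.20": "gre"}
SAMPLE_FLOWS = [
    "203.0.113.5 198.51.100.10 udp 4789",   # VXLAN to VXLAN decap IP: expected
    "203.0.113.5 198.51.100.10 gre -",      # GRE to VXLAN decap IP: flag
    "203.0.113.7 198.51.100.20 gre -",      # GRE to GRE decap IP: expected
    "203.0.113.7 198.51.100.20 udp 4789",   # VXLAN to GRE decap IP: flag
    "203.0.113.9 198.51.100.30 udp 4789",   # not a decap IP: ignored
]

if __name__ == "__main__":
    for f in find_unexpected_tunnel_traffic(SAMPLE_CONFIG, SAMPLE_FLOWS):
        print(f"unexpected {f.proto} traffic to decap IP {f.dst} from {f.src}")
```

A match only shows that traffic of an unconfigured tunnel type reached a decapsulation IP; it does not by itself confirm that the switch decapsulated it.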

Evidence notes

CVE-2026-7473 has been reported by CISA as being known to be exploited in the wild. Arista has provided security advisories and mitigation guidance.
