CVE-2026-7473

MEDIUM CISA KEV EPSS 53.1%

Published Jun 5, 20263w ago · Modified Jun 17, 20261w ago

6.9 CVSS 4.0

Medium

Find Similar

Published Jun 5, 2026 3w ago

Last Modified Jun 17, 2026 1w ago

KEV Listed Jun 9, 2026 3w ago

KEV Due Jun 23, 2026 7d overdue

Description

On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a destination IP matching its configured decapsulation IP. This occurs because the switch does not verify the tunnel protocol type, potentially leading to the unexpected processing of non-configured tunnel traffic. This issue has been reported as being exploited in the wild.

CVSS Details

Base Score

6.9

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

CISA Known Exploited Overdue 7d

Added: Jun 9, 2026
Due: Jun 23, 2026

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

EPSS Exploit Probability

53.1% percentile

Exploit & Patch Status

Actively Exploited (KEV)

No Patch Available

Weaknesses 1

CWE-1023

Affected Products 102

Vendor	Product	Version	Range
arista	eos	*	any
arista	7020sr-24c2	*	any
arista	7020sr-32c2	*	any
arista	7020srg-24c2	*	any
arista	7020tr-48	*	any
arista	7020tra-48	*	any
arista	7280cr-48	*	any
arista	7280cr2-60	*	any
arista	7280cr2a-30	*	any
arista	7280cr2a-60	*	any
arista	7280cr2k-30	*	any
arista	7280cr2k-60	*	any
arista	7280cr2m-30	*	any
arista	7280cr3-32d4	*	any
arista	7280cr3-32p4	*	any
arista	7280cr3-36s	*	any
arista	7280cr3-96	*	any
arista	7280cr3a-24d12	*	any
arista	7280cr3a-48d6	*	any
arista	7280cr3a-72	*	any
arista	7280cr3ak-24d12	*	any
arista	7280cr3ak-48d6	*	any
arista	7280cr3ak-72	*	any
arista	7280cr3am-24d12	*	any
arista	7280cr3am-48d6	*	any
arista	7280cr3am-72	*	any
arista	7280cr3mk-32d4s	*	any
arista	7280cr3mk-32p4s	*	any
arista	7280dr3-24	*	any
arista	7280dr3a-36	*	any
arista	7280dr3a-54	*	any
arista	7280dr3ak-36	*	any
arista	7280dr3ak-54	*	any
arista	7280dr3am-36	*	any
arista	7280dr3am-54	*	any
arista	7280pr3-24	*	any
arista	7280qr-c36	*	any
arista	7280qr-c36-m	*	any
arista	7280qr-c72	*	any
arista	7280qra-c36s	*	any
arista	7280qra-c36sm	*	any
arista	7280sr-48c6	*	any
arista	7280sr2-48yc6	*	any
arista	7280sr2-48yc6-m	*	any
arista	7280sr2a-48yc6	*	any
arista	7280sr2a-48yc6-m	*	any
arista	7280sr2k-48c6-m	*	any
arista	7280sr3-40yc6	*	any
arista	7280sr3-48yc8	*	any
arista	7280sr3m-48yc8	*	any
arista	7280sra-48c6	*	any
arista	7280sra-48c6-m	*	any
arista	7280sram-48c6	*	any
arista	7280srm-40cx2	*	any
arista	7280tr-48c6	*	any
arista	7280tr3-40c6	*	any
arista	7280tra-48c6	*	any
arista	7280tra-48c6-m	*	any
arista	7289r3a-sc	*	any
arista	7289r3ak-sc	*	any
arista	7289r3am-sc	*	any
arista	7500r-36cq-lc	*	any
arista	7500r-36q-lc	*	any
arista	7500r-48s2cq-lc	*	any
arista	7500r-8cfpx-lc	*	any
arista	7500r2-36cq-lc	*	any
arista	7500r2a-36cq-lc	*	any
arista	7500r2ak-36cq-lc	*	any
arista	7500r2ak-48ycq-lc	*	any
arista	7500r2am-36cq-lc	*	any
arista	7500r2m-36cq-lc	*	any
arista	7500r3-24d	*	any
arista	7500r3-24p	*	any
arista	7500r3-36cq	*	any
arista	7500r3k-36cq	*	any
arista	7500r3k-48y4d	*	any
arista	7500rm-36cq-lc	*	any
arista	7504r-fm	*	any
arista	7504r3	*	any
arista	7508r-fm	*	any
arista	7508r3	*	any
arista	7512r-fm	*	any
arista	7512r3	*	any
arista	7516-sup2	*	any
arista	7516n-ch	*	any
arista	7516r-fm	*	any
arista	7800r3-36d	*	any
arista	7800r3-48cq	*	any
arista	7800r3a-36d	*	any
arista	7800r3a-36dm	*	any
arista	7800r3a-36p	*	any
arista	7800r3a-36pm	*	any
arista	7800r3ak-36dm	*	any
arista	7800r3ak-36pm	*	any
arista	7800r3k-48cq	*	any
arista	7800r3k-48cqms	*	any
arista	7800r3k-72y	*	any
arista	7804r3	*	any
arista	7808r3	*	any
arista	7812r3	*	any
arista	7816lr3	*	any
arista	7816r3	*	any

References 3

arista.com https://www.arista.com/en/support/advisories-notices/security-advisory/22872-security-advisory-0137

Broken Link
arista.com https://www.arista.com/en/support/advisories-notices/security-advisory/24005-security-advisory-0137

MitigationVendor Advisory
cisa.gov https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-7473

US Government Resource

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.