Arista

vulnerabilities 2026-06-23
Arista EOS CVE-2026-7473: Tunnel Decap Flaw Bypasses Segmentation — and Arista Won't Patch It
CVE-2026-7473 lets an unauthenticated attacker push arbitrary tunneled traffic through Arista data-center switches that decapsulate it without checking the protocol. Exploited in the wild, on CISA's KEV list with a deadline of today — and Arista has confirmed no patch is coming.
arista network-appliance zero-day active-exploitation cisa-kev

Arista EOS CVE-2026-7473: Tunnel Decap Flaw Bypasses Segmentation — and Arista Won't Patch It