CVE-2026-7473
Arista EOS Unexpected Tunnel Protocol Decapsulation and Forwarding Bypass
CVSS Score: 5.8
EPSS Score: 0.0%
EPSS Percentile: 9th
On affected platforms running Arista EOS where a tunnel decapsulation configuration, such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface, is present, the switch will incorrectly decapsulate and forward other, unexpected tunneled packets whose destination IP matches its configured decapsulation IP. This occurs because the switch does not verify the tunnel protocol type, potentially leading to the unexpected processing of non-configured tunnel traffic. This issue has been reported as being exploited in the wild.
| CWE | CWE-1023 |
| Vendor | arista networks |
| Product | eos |
| Published | Jun 5, 2026 |
| Last Updated | Jun 9, 2026 |
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Changed |
| Confidentiality | None |
| Integrity | Low |
| Availability | None |
Affected Versions
Arista Networks / EOS
4.36.0
4.35.0 ≤ 4.35
4.34.0 ≤ 4.34
4.33.0 ≤ 4.33
4.32.0 ≤ 4.32
4.31.0 ≤ 4.31
* ≤ 4.30
References
arista.com: https://www.arista.com/en/support/advisories-notices/security-advisory/22872-security-advisory-0137
arista.com: https://www.arista.com/en/support/advisories-notices/security-advisory/24005-security-advisory-0137
cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-7473
Credits
Scott Christiansen, Lukas Peitz, Rich Compton, and Jonathan Davis at Comcast