Vulnerability intelligence
CVE-2026-7473
On affected platforms running Arista EOS where a tunnel decapsulation configuration is present (such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface), the switch will incorrectly decapsulate and forward other, unexpected tunneled packets whose destination IP matches its configured decapsulation IP. This occurs because the switch does not verify the tunnel protocol type, potentially leading to the unexpected processing of non-configured tunnel traffic. This issue has been reported as being exploited in the wild.
CVSS Score: 6.9 (Medium)
EPSS (Exploit Probability): 22%, riskier than 96% of all CVEs
Exploitation: Confirmed in the wild; KEV since 2026-06-09
Remediation: Patch available; federal deadline 2026-06-23
8 articles across 5 outlets · first covered Jun 9, 2026 · latest Jun 10, 2026
Tracked incidents
Coverage timeline
- CISA flags Arista, Chrome, Cisco flaws; patch by June 23 · securityaffairs.com · Jun 10, 2026
- Havoc Stager Uses Fake Invoices to Hit South American Firms · securityonline.info · Jun 10, 2026
- Architectural Exposure: Developers Extract Apple’s Subterranean Core Prompts for Siri AI · securityonline.info · Jun 10, 2026
- Critical Check Point VPN Flaw Under Active Attack Amid New CVEs · securityonline.info · Jun 10, 2026
- Arista zero day EOS flaw exploited, CISA urges mitigation · www.securityweek.com · Jun 10, 2026
- CISA warns of critical flaws in Chromium, Arista and Cisco gear · securityonline.info · Jun 10, 2026
- CISA Adds Arista EOS Flaw to KEV Catalog, Urges Patch · www.cisa.gov · Jun 9, 2026
- CISA confirms active exploitation of Arista EOS CVE-2026-7473 flaw · cisa.gov · Jun 9, 2026