Arista says exploited EOS flaw CVE-2026-7473 will not be patched and affected switch owners must use mitigations

Arista says hackers have exploited a flaw in its EOS network operating system, and some affected switch platforms will not get a software fix. The issue, CVE-2026-7473, affects certain Arista devices configured as tunnel endpoints and can cause them to accept and decapsulate unconfigured tunnel traffic sent to the same IP address. Arista says impacted products include 7020R, 7280R/R2, and 7500R/R2 series, with some IPv6 decapsulation scenarios also affecting 7280R3, 7500R3, and 7800R3. CISA has added the bug to its Known Exploited Vulnerabilities list.
Why it matters: Organizations using affected Arista switches may be exposed right now, and there is no vendor patch planned, so this is a mitigation-or-replace situation rather than a routine update. Network defenders should identify affected tunnel configurations immediately, apply Arista's workarounds, and prioritize review because CISA says the flaw is being actively exploited.

Sources

CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation
The Hacker News 2026.06.10 88% relevant
This article updates that event by noting CISA has now added Arista EOS CVE-2026-7473 to the KEV catalog, confirming federal prioritization of the actively exploited flaw and increasing urgency for organizations that must rely on mitigations because some platforms will not receive a patch.
No Patch Planned for Exploited Arista EOS Vulnerability
Ionut Arghire 2026.06.10 100% relevant
This article establishes a new tracked story because it centers on a distinct exploited Arista EOS vulnerability, CVE-2026-7473, with no patch planned and fresh KEV action, which is not the same underlying event as any existing tracked story.