CVE-2026-7473

MEDIUM CISA KEV
Published Jun 5, 2026 Modified Jun 9, 2026 CWE-1023

Description

On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a destination IP matching its configured decapsulation IP. This occurs because the switch does not verify the tunnel protocol type, potentially leading to the unexpected processing of non-configured tunnel traffic. This issue has been reported as being exploited in the wild.

CVSS v3.1 Score

5.8
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

EPSS — Exploit Prediction

0.0084
Probability of exploitation
0.53%
Percentile rank

EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild.

Added: Jun 9, 2026 Remediation due: Jun 23, 2026

Weakness Type (CWE)

CWE-1023 CWE-1023

Affected Products

Vendor Product
arista eos
arista 7020sr-24c2
arista 7020sr-32c2
arista 7020srg-24c2
arista 7020tr-48
arista 7020tra-48
arista 7280cr-48
arista 7280cr2-60
arista 7280cr2a-30
arista 7280cr2a-60
arista 7280cr2k-30
arista 7280cr2k-60
arista 7280cr2m-30
arista 7280cr3-32d4
arista 7280cr3-32p4
arista 7280cr3-36s
arista 7280cr3-96
arista 7280cr3a-24d12
arista 7280cr3a-48d6
arista 7280cr3a-72
arista 7280cr3ak-24d12
arista 7280cr3ak-48d6
arista 7280cr3ak-72
arista 7280cr3am-24d12
arista 7280cr3am-48d6
arista 7280cr3am-72
arista 7280cr3mk-32d4s
arista 7280cr3mk-32p4s
arista 7280dr3-24
arista 7280dr3a-36
arista 7280dr3a-54
arista 7280dr3ak-36
arista 7280dr3ak-54
arista 7280dr3am-36
arista 7280dr3am-54
arista 7280pr3-24
arista 7280qr-c36
arista 7280qr-c36-m
arista 7280qr-c72
arista 7280qra-c36s
arista 7280qra-c36sm
arista 7280sr-48c6
arista 7280sr2-48yc6
arista 7280sr2-48yc6-m
arista 7280sr2a-48yc6
arista 7280sr2a-48yc6-m
arista 7280sr2k-48c6-m
arista 7280sr3-40yc6
arista 7280sr3-48yc8
arista 7280sr3m-48yc8
arista 7280sra-48c6
arista 7280sra-48c6-m
arista 7280sram-48c6
arista 7280srm-40cx2
arista 7280tr-48c6
arista 7280tr3-40c6
arista 7280tra-48c6
arista 7280tra-48c6-m
arista 7289r3a-sc
arista 7289r3ak-sc
arista 7289r3am-sc
arista 7500r-36cq-lc
arista 7500r-36q-lc
arista 7500r-48s2cq-lc
arista 7500r-8cfpx-lc
arista 7500r2-36cq-lc
arista 7500r2a-36cq-lc
arista 7500r2ak-36cq-lc
arista 7500r2ak-48ycq-lc
arista 7500r2am-36cq-lc
arista 7500r2m-36cq-lc
arista 7500r3-24d
arista 7500r3-24p
arista 7500r3-36cq
arista 7500r3k-36cq
arista 7500r3k-48y4d
arista 7500rm-36cq-lc
arista 7504r-fm
arista 7504r3
arista 7508r-fm
arista 7508r3
arista 7512r-fm
arista 7512r3
arista 7516-sup2
arista 7516n-ch
arista 7516r-fm
arista 7800r3-36d
arista 7800r3-48cq
arista 7800r3a-36d
arista 7800r3a-36dm
arista 7800r3a-36p
arista 7800r3a-36pm
arista 7800r3ak-36dm
arista 7800r3ak-36pm
arista 7800r3k-48cq
arista 7800r3k-48cqms
arista 7800r3k-72y
arista 7804r3
arista 7808r3
arista 7812r3
arista 7816lr3
arista 7816r3

References

Frequently Asked Questions

What is CVE-2026-7473? +
On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a destination IP matching its configured decapsulation IP. This occurs because the switch does not verify the tunnel protocol type, potentially leading to the unexpected processing of non-configured tunnel traffic. This issue has been reported as being exploited in the wild. It has a CVSS v3.1 base score of 5.8 (MEDIUM). This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog, indicating active exploitation in the wild.
How severe is CVE-2026-7473? +
CVE-2026-7473 has a CVSS v3.1 score of 5.8 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance. The EPSS score is 0.0084, placing it in the 1th percentile for exploitation probability.
What products are affected by CVE-2026-7473? +
CVE-2026-7473 affects products from arista, specifically: 7020sr-24c2, 7020sr-32c2, 7020srg-24c2, 7020tr-48, 7020tra-48, 7280cr-48, 7280cr2-60, 7280cr2a-30, 7280cr2a-60, 7280cr2k-30, 7280cr2k-60, 7280cr2m-30, 7280cr3-32d4, 7280cr3-32p4, 7280cr3-36s, 7280cr3-96, 7280cr3a-24d12, 7280cr3a-48d6, 7280cr3a-72, 7280cr3ak-24d12, 7280cr3ak-48d6, 7280cr3ak-72, 7280cr3am-24d12, 7280cr3am-48d6, 7280cr3am-72, 7280cr3mk-32d4s, 7280cr3mk-32p4s, 7280dr3-24, 7280dr3a-36, 7280dr3a-54, 7280dr3ak-36, 7280dr3ak-54, 7280dr3am-36, 7280dr3am-54, 7280pr3-24, 7280qr-c36, 7280qr-c36-m, 7280qr-c72, 7280qra-c36s, 7280qra-c36sm, 7280sr-48c6, 7280sr2-48yc6, 7280sr2-48yc6-m, 7280sr2a-48yc6, 7280sr2a-48yc6-m, 7280sr2k-48c6-m, 7280sr3-40yc6, 7280sr3-48yc8, 7280sr3m-48yc8, 7280sra-48c6, 7280sra-48c6-m, 7280sram-48c6, 7280srm-40cx2, 7280tr-48c6, 7280tr3-40c6, 7280tra-48c6, 7280tra-48c6-m, 7289r3a-sc, 7289r3ak-sc, 7289r3am-sc, 7500r-36cq-lc, 7500r-36q-lc, 7500r-48s2cq-lc, 7500r-8cfpx-lc, 7500r2-36cq-lc, 7500r2a-36cq-lc, 7500r2ak-36cq-lc, 7500r2ak-48ycq-lc, 7500r2am-36cq-lc, 7500r2m-36cq-lc, 7500r3-24d, 7500r3-24p, 7500r3-36cq, 7500r3k-36cq, 7500r3k-48y4d, 7500rm-36cq-lc, 7504r-fm, 7504r3, 7508r-fm, 7508r3, 7512r-fm, 7512r3, 7516-sup2, 7516n-ch, 7516r-fm, 7800r3-36d, 7800r3-48cq, 7800r3a-36d, 7800r3a-36dm, 7800r3a-36p, 7800r3a-36pm, 7800r3ak-36dm, 7800r3ak-36pm, 7800r3k-48cq, 7800r3k-48cqms, 7800r3k-72y, 7804r3, 7808r3, 7812r3, 7816lr3, 7816r3, eos. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2026-7473? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2026-7473 — free, no signup required.

Start Free Scan