CVE-2026-7473
MEDIUM CISA KEVDescription
On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a destination IP matching its configured decapsulation IP. This occurs because the switch does not verify the tunnel protocol type, potentially leading to the unexpected processing of non-configured tunnel traffic. This issue has been reported as being exploited in the wild.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| arista | eos |
| arista | 7020sr-24c2 |
| arista | 7020sr-32c2 |
| arista | 7020srg-24c2 |
| arista | 7020tr-48 |
| arista | 7020tra-48 |
| arista | 7280cr-48 |
| arista | 7280cr2-60 |
| arista | 7280cr2a-30 |
| arista | 7280cr2a-60 |
| arista | 7280cr2k-30 |
| arista | 7280cr2k-60 |
| arista | 7280cr2m-30 |
| arista | 7280cr3-32d4 |
| arista | 7280cr3-32p4 |
| arista | 7280cr3-36s |
| arista | 7280cr3-96 |
| arista | 7280cr3a-24d12 |
| arista | 7280cr3a-48d6 |
| arista | 7280cr3a-72 |
| arista | 7280cr3ak-24d12 |
| arista | 7280cr3ak-48d6 |
| arista | 7280cr3ak-72 |
| arista | 7280cr3am-24d12 |
| arista | 7280cr3am-48d6 |
| arista | 7280cr3am-72 |
| arista | 7280cr3mk-32d4s |
| arista | 7280cr3mk-32p4s |
| arista | 7280dr3-24 |
| arista | 7280dr3a-36 |
| arista | 7280dr3a-54 |
| arista | 7280dr3ak-36 |
| arista | 7280dr3ak-54 |
| arista | 7280dr3am-36 |
| arista | 7280dr3am-54 |
| arista | 7280pr3-24 |
| arista | 7280qr-c36 |
| arista | 7280qr-c36-m |
| arista | 7280qr-c72 |
| arista | 7280qra-c36s |
| arista | 7280qra-c36sm |
| arista | 7280sr-48c6 |
| arista | 7280sr2-48yc6 |
| arista | 7280sr2-48yc6-m |
| arista | 7280sr2a-48yc6 |
| arista | 7280sr2a-48yc6-m |
| arista | 7280sr2k-48c6-m |
| arista | 7280sr3-40yc6 |
| arista | 7280sr3-48yc8 |
| arista | 7280sr3m-48yc8 |
| arista | 7280sra-48c6 |
| arista | 7280sra-48c6-m |
| arista | 7280sram-48c6 |
| arista | 7280srm-40cx2 |
| arista | 7280tr-48c6 |
| arista | 7280tr3-40c6 |
| arista | 7280tra-48c6 |
| arista | 7280tra-48c6-m |
| arista | 7289r3a-sc |
| arista | 7289r3ak-sc |
| arista | 7289r3am-sc |
| arista | 7500r-36cq-lc |
| arista | 7500r-36q-lc |
| arista | 7500r-48s2cq-lc |
| arista | 7500r-8cfpx-lc |
| arista | 7500r2-36cq-lc |
| arista | 7500r2a-36cq-lc |
| arista | 7500r2ak-36cq-lc |
| arista | 7500r2ak-48ycq-lc |
| arista | 7500r2am-36cq-lc |
| arista | 7500r2m-36cq-lc |
| arista | 7500r3-24d |
| arista | 7500r3-24p |
| arista | 7500r3-36cq |
| arista | 7500r3k-36cq |
| arista | 7500r3k-48y4d |
| arista | 7500rm-36cq-lc |
| arista | 7504r-fm |
| arista | 7504r3 |
| arista | 7508r-fm |
| arista | 7508r3 |
| arista | 7512r-fm |
| arista | 7512r3 |
| arista | 7516-sup2 |
| arista | 7516n-ch |
| arista | 7516r-fm |
| arista | 7800r3-36d |
| arista | 7800r3-48cq |
| arista | 7800r3a-36d |
| arista | 7800r3a-36dm |
| arista | 7800r3a-36p |
| arista | 7800r3a-36pm |
| arista | 7800r3ak-36dm |
| arista | 7800r3ak-36pm |
| arista | 7800r3k-48cq |
| arista | 7800r3k-48cqms |
| arista | 7800r3k-72y |
| arista | 7804r3 |
| arista | 7808r3 |
| arista | 7812r3 |
| arista | 7816lr3 |
| arista | 7816r3 |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2026-7473? +
How severe is CVE-2026-7473? +
What products are affected by CVE-2026-7473? +
How do I check if I'm vulnerable to CVE-2026-7473? +
Related Vulnerabilities
BullWall Ransomware Containment may not always detect an encrypted file. This issue affects a specific file inspection method that evaluates …
OpenClaw before 2026.5.7 contains a hostname validation vulnerability in retry endpoint checks that allows matching hostname prefixes instead of exact …
OpenClaw before 2026.5.26 contains a hostname validation vulnerability allowing attackers to bypass blocklist comparisons using trailing-dot notation in model or …
Incomplete comparison with missing factors in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical …
vLLM is an inference and serving engine for large language models (LLMs). In versions starting from 0.7.0 to before 0.9.0, …
An issue was discovered in GitLab CE/EE affecting all versions prior to 16.11.6, starting from 17.0 prior to 17.0.4, and …