KEVIntel

Vulnerability detail

Enriched intelligence for a single CVE

PRO Back to KEVs

6.9

CVSS
Medium

CVE-2026-7473

PUBLISHED

Arista EOS Unexpected Tunnel Protocol Decapsulation and Forwarding Bypass

Exploited in the wild Remote Low complexity No user interaction

Vendor: Arista Networks
Product: EOS
Published: Jun 05, 2026
EPSS: —

Automate this intelligence with the Pro API

Everything on this page — CVSS, EPSS, exploit status, PoCs, scanner integrations, mentions, tags, and immediate honeypot sensor data — is available programmatically for VM, SOC, and CTI workflows.

Learn about Pro

Description

On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a destination IP matching its configured decapsulation IP. This occurs because the switch does not verify the tunnel protocol type, potentially leading to the unexpected processing of non-configured tunnel traffic. This issue has been reported as being exploited in the wild.

Weaknesses (CWE)

CWE-1023

Incomplete Comparison with Missing Factors

CVSS scores

CVSS v4.0 6.9 Medium

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N

CVSS v3.1 5.8 Medium

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Exploitation status

Exploited in the wild

Recorded 2026-06-05 16:40:23 UTC · Source

References

https://www.arista.com/en/support/advisories-notices/security-advisory/22872-security-advisory-0137

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CVE First	2026-06-05 16:40 UTC

Timeline

CVE ID Reserved

2026-04-29 20:08 UTC
CVE Published to Public

2026-06-05 16:22 UTC
Added to KEVIntel

2026-06-05 16:40 UTC