CVE-2026-7473
Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability
CVSS
—
No CVSS
EPSS
0.8%
p54
KEV
YES
Jun 9, 2026
Exploit Today
66
0-100
Published: — · Last modified: —
Product
Arista / Extensible Operating System
Vulnerability
Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability
Added to KEV
Jun 9, 2026
Remediate by
Jun 23, 2026
Known ransomware use
No
Summary description
Arista Extensible Operating System (EOS) contains an incomplete comparison with missing factors vulnerability when the switch incorrectly decapsulate and forwards other unexpected tunneled packet with a destination IP matching its configured decapsulation IP.
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes
https://www.arista.com/en/support/advisories-notices/security-advisory/24005-security-advisory-0137 ; https://nvd.nist.gov/vuln/detail/CVE-2026-7473
No related CVEs by CWE or product.