Arista and U.S. Cybersecurity and Infrastructure Security Agency: No Patch Planned for Exploited Arista EOS Vulnerability

Arista and U.S. Cybersecurity and Infrastructure Security Agency: No Patch Planned for Exploited Arista EOS Vulnerability

Zero-Day Exploit in Arista EOS Remains Unpatched as Hackers Target Network Devices

Hackers are actively exploiting a zero-day vulnerability in Arista Extensible Operating System (EOS), a Linux-based network OS used in high-performance switches for data centers, cloud, and enterprise environments. Tracked as CVE-2026-7473 (CVSS 6.9), the flaw stems from improper verification of tunnel protocol types, allowing unauthorized decapsulation of non-configured tunnel traffic.

The vulnerability affects Arista EOS devices configured as tunnel endpoints, including those using decap-groups, GRE tunnels, or VXLAN. Specifically, devices set to decapsulate one tunnel type may incorrectly process other protocols destined for the same IP address even if those protocols weren’t explicitly configured. Impacted models include the 7020R, 7280R/R2, 7500R/R2 series, with additional risks for 7280R3, 7500R3, and 7800R3 series in certain IP-in-IPv6 and GUE IPv6 decap group scenarios.

Arista confirmed in a May advisory that the flaw is being exploited in the wild. However, the company will not release patches or hotfixes, citing the risk of disrupting existing configurations. Instead, it has provided mitigation instructions for affected users.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-7473 to its Known Exploited Vulnerabilities (KEV) catalog on Tuesday, mandating federal agencies to address the issue within two weeks. The agency also included two other actively exploited zero-days in its KEV list: CVE-2026-11645 (Chrome) and CVE-2026-20245 (Cisco SD-WAN).

Source: https://www.securityweek.com/no-patch-planned-for-exploited-arista-eos-vulnerability/

Arista Networks cybersecurity rating report: https://www.rankiteo.com/company/arista-networks-inc

Cybersecurity and Infrastructure Security Agency cybersecurity rating report: https://www.rankiteo.com/company/cisagov

"id": "ARICIS1781094274",
"linkid": "arista-networks-inc, cisagov",
"type": "Vulnerability",
"date": "5/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Data centers, cloud providers, '
                                              'and enterprise environments '
                                              'using Arista EOS devices',
                        'industry': 'Networking Hardware, Data Center '
                                    'Solutions',
                        'name': 'Arista Networks',
                        'type': 'Technology Vendor'}],
 'attack_vector': 'Network-based exploitation of improper tunnel protocol '
                  'verification',
 'customer_advisories': 'Mitigation instructions provided by Arista for '
                        'affected users',
 'date_publicly_disclosed': '2026-05',
 'description': 'Hackers are actively exploiting a zero-day vulnerability in '
                'Arista Extensible Operating System (EOS), a Linux-based '
                'network OS used in high-performance switches for data '
                'centers, cloud, and enterprise environments. The flaw, '
                'tracked as CVE-2026-7473 (CVSS 6.9), stems from improper '
                'verification of tunnel protocol types, allowing unauthorized '
                'decapsulation of non-configured tunnel traffic.',
 'impact': {'operational_impact': 'Unauthorized decapsulation of '
                                  'non-configured tunnel traffic, potential '
                                  'network disruption',
            'systems_affected': 'Arista EOS devices configured as tunnel '
                                'endpoints (7020R, 7280R/R2, 7500R/R2, 7280R3, '
                                '7500R3, 7800R3 series)'},
 'investigation_status': 'Ongoing',
 'post_incident_analysis': {'root_causes': 'Improper verification of tunnel '
                                           'protocol types in Arista EOS'},
 'references': [{'source': 'Arista Advisory'},
                {'source': 'CISA Known Exploited Vulnerabilities Catalog'}],
 'regulatory_compliance': {'regulatory_notifications': 'CISA added '
                                                       'CVE-2026-7473 to its '
                                                       'Known Exploited '
                                                       'Vulnerabilities (KEV) '
                                                       'catalog, mandating '
                                                       'federal agencies to '
                                                       'address the issue '
                                                       'within two weeks'},
 'response': {'containment_measures': 'Mitigation instructions provided by '
                                      'Arista (no patches or hotfixes)'},
 'title': 'Zero-Day Exploit in Arista EOS Remains Unpatched as Hackers Target '
          'Network Devices',
 'type': 'Zero-Day Exploit',
 'vulnerability_exploited': 'CVE-2026-7473'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.