Arista EOS Unexpected Tunnel Protocol Decapsulation and Forwarding Bypass
CVE-2026-7473

6.9MEDIUM

Key Information:

Vendor: Arista Networks
Status: Eos
Vendor: CVE Published:; 5 June 2026

🔔 Create Arista Networks Vulnerability Alert

What is CVE-2026-7473?

On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a destination IP matching its configured decapsulation IP. This occurs because the switch does not verify the tunnel protocol type, potentially leading to the unexpected processing of non-configured tunnel traffic.

This issue has been reported as being exploited in the wild.

Affected Version(s)

EOS 7020R Series 4.36.0

EOS 7020R Series 4.35.0 <= 4.35

References

https://www.arista.com/en/support/advisories-notices/secu...

vendor-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 5, 2026
Vulnerability Reserved
Apr 29, 2026

Credit

Scott Christiansen, Lukas Peitz, Rich Compton, and Jonathan Davis at Comcast

CVE-2026-7473 Data

JSON