{
  "title": "Arista EOS CVE-2026-7473: KEV Tunneled Packet Decapsulation Segmentation Bypass",
  "summary": "CISA added Arista EOS CVE-2026-7473 to its KEV catalog on 2026-06-09 due to active exploitation. This critical security bypass vulnerability allows remote attackers to bypass network segmentation by sending tunneled packets (VXLAN, GRE) that the switch decapsulates without verifying the protocol type.",
  "date": "2026-06-09",
  "severity": "critical",
  "tags": [
    "arista",
    "eos",
    "cisa-kev",
    "segmentation-bypass",
    "zero-day"
  ],
  "sources_count": 3,
  "indicators": {
    "slug": "arista-eos-cve-2026-7473-kev",
    "since": "2026-06-09T00:00:00Z",
    "until": "2026-06-09T23:59:59Z",
    "ecosystem": "",
    "cves": [
      "CVE-2026-7473"
    ],
    "cwes": [
      "CWE-1023"
    ],
    "advisoryIds": [],
    "products": [
      "EOS (Extensible Operating System)"
    ],
    "packages": [
      "arista-eos"
    ],
    "versions": [],
    "affectedVersions": [
      "4.30.x to 4.36.x"
    ],
    "fixedVersions": [
      "Patches detailed in Arista Advisory 0137"
    ],
    "files": [],
    "paths": [],
    "services": [],
    "domains": [],
    "urls": [],
    "ips": [],
    "hashes": [],
    "processPatterns": [],
    "networkPatterns": [],
    "telemetrySelectors": [
      "vxlan",
      "gre",
      "decap-group"
    ]
  }
}