Arista EOS CVE-2026-7473: KEV Tunneled Packet Decapsulation Bypass
CISA added actively exploited Arista EOS CVE-2026-7473 to KEV on 2026-06-09. Affected tunnel endpoints may decapsulate unexpected protocols sent to a configured decapsulation IP; Arista rates the issue Medium and provides configuration checks and ACL mitigations.