On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a destination IP matching its configured decapsulation IP. This occurs because the switch does not verify the tunnel protocol type, potentially leading to the unexpected processing of non-configured tunnel traffic.
This issue has been reported as being exploited in the wild.
References
| Link | Resource |
|---|---|
| https://www.arista.com/en/support/advisories-notices/security-advisory/22872-security-advisory-0137 | Broken Link |
| https://www.arista.com/en/support/advisories-notices/security-advisory/24005-security-advisory-0137 | Vendor Advisory Mitigation |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-7473 | US Government Resource |
Configurations
Configuration 1 (hide)
| AND |
|
History
09 Jun 2026, 20:48
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Arista 7800r3a-36dm
Arista 7280sr2-48yc6-m Arista 7280cr3ak-72 Arista 7280cr3a-48d6 Arista 7500r3-24p Arista 7812r3 Arista 7280dr3a-36 Arista 7500r3k-48y4d Arista 7280cr3a-24d12 Arista 7504r3 Arista 7280cr2m-30 Arista 7516n-ch Arista 7020sr-32c2 Arista 7280sr2-48yc6 Arista eos Arista 7500r2ak-48ycq-lc Arista 7808r3 Arista 7020sr-24c2 Arista 7816lr3 Arista 7516r-fm Arista 7280sr3-48yc8 Arista 7280srm-40cx2 Arista 7500r3k-36cq Arista 7280qra-c36sm Arista 7280dr3am-36 Arista 7280tr3-40c6 Arista 7500r-36cq-lc Arista 7500r2-36cq-lc Arista 7504r-fm Arista 7280cr3mk-32d4s Arista 7280cr-48 Arista 7280cr3a-72 Arista 7500r3-24d Arista 7280cr3ak-24d12 Arista 7500r2m-36cq-lc Arista 7500rm-36cq-lc Arista 7280cr3am-24d12 Arista 7280sr3-40yc6 Arista 7280dr3ak-54 Arista 7280cr2a-30 Arista 7800r3a-36p Arista 7500r2ak-36cq-lc Arista 7020tr-48 Arista 7800r3ak-36pm Arista 7280cr2k-30 Arista 7280sr2a-48yc6-m Arista 7280dr3a-54 Arista 7800r3-48cq Arista 7289r3ak-sc Arista 7280sr2a-48yc6 Arista 7804r3 Arista 7280cr3ak-48d6 Arista 7280qr-c36 Arista 7280tra-48c6-m Arista 7280dr3ak-36 Arista 7800r3k-48cqms Arista 7280cr3-96 Arista 7816r3 Arista 7280dr3am-54 Arista 7280cr3am-72 Arista 7280cr2a-60 Arista Arista 7020srg-24c2 Arista 7280cr3-36s Arista 7800r3-36d Arista 7280cr2k-60 Arista 7289r3a-sc Arista 7280tr-48c6 Arista 7500r-8cfpx-lc Arista 7800r3ak-36dm Arista 7800r3a-36pm Arista 7280dr3-24 Arista 7500r2am-36cq-lc Arista 7508r3 Arista 7500r2a-36cq-lc Arista 7800r3k-72y Arista 7280cr3am-48d6 Arista 7280sra-48c6-m Arista 7280sra-48c6 Arista 7280cr3mk-32p4s Arista 7280qr-c36-m Arista 7500r3-36cq Arista 7500r-48s2cq-lc Arista 7280cr2-60 Arista 7500r-36q-lc Arista 7289r3am-sc Arista 7280pr3-24 Arista 7280qra-c36s Arista 7512r3 Arista 7280qr-c72 Arista 7280cr3-32p4 Arista 7800r3k-48cq Arista 7280cr3-32d4 Arista 7280sr3m-48yc8 Arista 7280tra-48c6 Arista 7516-sup2 Arista 7280sram-48c6 Arista 7280sr-48c6 Arista 7800r3a-36d Arista 7280sr2k-48c6-m Arista 7512r-fm Arista 7020tra-48 Arista 7508r-fm |
|
| CPE | cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:* cpe:2.3:h:arista:7020tra-48:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7800r3-48cq:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280cr3-32p4:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280sr2a-48yc6-m:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280dr3am-54:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7504r-fm:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280cr3a-48d6:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7289r3am-sc:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280dr3ak-36:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280tr3-40c6:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7500r-36cq-lc:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280pr3-24:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280dr3a-36:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7508r-fm:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280cr3am-24d12:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280sra-48c6:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7289r3ak-sc:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280sram-48c6:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280cr2m-30:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7020srg-24c2:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280sr2-48yc6-m:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280cr3-96:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280sr2k-48c6-m:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7500r2ak-48ycq-lc:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7816r3:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280cr-48:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280cr2k-30:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7500r3-24d:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280cr2k-60:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7512r-fm:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280qr-c36:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7512r3:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7800r3k-48cq:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280cr3mk-32p4s:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7289r3a-sc:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7804r3:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7500r3-24p:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280cr3-36s:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7808r3:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280cr3ak-72:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280sr-48c6:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7500r-48s2cq-lc:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280dr3am-36:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280cr3ak-24d12:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280tra-48c6-m:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280qr-c36-m:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7800r3ak-36dm:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7500r-36q-lc:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7800r3k-72y:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7516r-fm:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7500r-8cfpx-lc:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280sra-48c6-m:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7516-sup2:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280cr3am-72:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280cr2a-30:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7800r3a-36d:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7800r3a-36pm:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280cr2-60:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7500r3k-36cq:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7500r3k-48y4d:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7800r3-36d:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280sr3-40yc6:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7800r3a-36p:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7812r3:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280cr3mk-32d4s:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7500rm-36cq-lc:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280sr3-48yc8:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7500r3-36cq:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280sr2a-48yc6:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280cr2a-60:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7516n-ch:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280srm-40cx2:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7500r2am-36cq-lc:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7816lr3:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7500r2ak-36cq-lc:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280qra-c36sm:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280dr3a-54:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7500r2m-36cq-lc:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280cr3a-24d12:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280dr3-24:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280tra-48c6:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7504r3:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280cr3am-48d6:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7020tr-48:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280cr3ak-48d6:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280qr-c72:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7500r2a-36cq-lc:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280sr2-48yc6:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7800r3k-48cqms:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280qra-c36s:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280tr-48c6:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280dr3ak-54:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280sr3m-48yc8:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280cr3-32d4:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7800r3ak-36pm:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7500r2-36cq-lc:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7020sr-32c2:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280cr3a-72:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7508r3:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7020sr-24c2:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7800r3a-36dm:-:*:*:*:*:*:*:* |
|
| References | () https://www.arista.com/en/support/advisories-notices/security-advisory/22872-security-advisory-0137 - Broken Link | |
| References | () https://www.arista.com/en/support/advisories-notices/security-advisory/24005-security-advisory-0137 - Vendor Advisory, Mitigation | |
| References | () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-7473 - US Government Resource |
09 Jun 2026, 18:17
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
08 Jun 2026, 15:16
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
05 Jun 2026, 17:17
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-06-05 17:17
Updated : 2026-06-09 20:48
NVD link : CVE-2026-7473
Mitre link : CVE-2026-7473
CVE.ORG link : CVE-2026-7473
JSON object : View
Products Affected
arista
- 7512r3
- 7289r3ak-sc
- 7500r-36cq-lc
- 7800r3a-36dm
- 7280sr2-48yc6-m
- 7020sr-32c2
- 7800r3k-72y
- 7280sr3-40yc6
- 7280cr3-36s
- 7500r-8cfpx-lc
- 7289r3am-sc
- 7500r2a-36cq-lc
- 7500r3-24d
- 7280dr3-24
- 7504r3
- 7280sr3-48yc8
- 7280sra-48c6
- 7280cr-48
- 7280cr3am-24d12
- 7280tr-48c6
- 7500rm-36cq-lc
- 7020srg-24c2
- 7280dr3a-36
- 7500r3-24p
- 7516-sup2
- eos
- 7808r3
- 7280qr-c72
- 7280cr3ak-48d6
- 7280cr3mk-32p4s
- 7280cr3am-72
- 7500r3k-36cq
- 7280cr2m-30
- 7500r2-36cq-lc
- 7500r3k-48y4d
- 7280cr3ak-72
- 7289r3a-sc
- 7508r-fm
- 7280cr2a-30
- 7812r3
- 7280tra-48c6
- 7280cr3a-24d12
- 7020tra-48
- 7800r3a-36pm
- 7800r3ak-36pm
- 7280sr2k-48c6-m
- 7280dr3ak-54
- 7280tr3-40c6
- 7020tr-48
- 7516r-fm
- 7280sr2a-48yc6
- 7280dr3am-36
- 7280cr2-60
- 7280pr3-24
- 7800r3-36d
- 7800r3k-48cqms
- 7800r3ak-36dm
- 7280cr3-32p4
- 7280dr3a-54
- 7280cr3-96
- 7280cr3mk-32d4s
- 7800r3k-48cq
- 7280qra-c36sm
- 7020sr-24c2
- 7500r2ak-48ycq-lc
- 7500r2m-36cq-lc
- 7280qra-c36s
- 7800r3a-36d
- 7280sr-48c6
- 7804r3
- 7280qr-c36
- 7280cr3ak-24d12
- 7816r3
- 7280cr3am-48d6
- 7500r-36q-lc
- 7280dr3ak-36
- 7500r3-36cq
- 7816lr3
- 7508r3
- 7280cr2a-60
- 7500r2am-36cq-lc
- 7280cr2k-30
- 7280sr3m-48yc8
- 7500r2ak-36cq-lc
- 7800r3-48cq
- 7280cr2k-60
- 7280sra-48c6-m
- 7280srm-40cx2
- 7516n-ch
- 7512r-fm
- 7280sr2a-48yc6-m
- 7280cr3a-72
- 7280sr2-48yc6
- 7280tra-48c6-m
- 7280cr3a-48d6
- 7504r-fm
- 7800r3a-36p
- 7500r-48s2cq-lc
- 7280dr3am-54
- 7280cr3-32d4
- 7280qr-c36-m
- 7280sram-48c6
CWE
CWE-1023
Incomplete Comparison with Missing Factors