10 June 2026
Reference: CVE-2026-7473
1. What is being reported?
Arista's Extensible Operating System (EOS) on some switches has a vulnerability when configured to handle tunnelled network traffic like VXLAN or GRE tunnels. The switch may wrongly accept and forward tunnel traffic it shouldn't, because it does not properly check the type of tunnel protocol. This can lead to unexpected or malicious data being processed by the switch.
2. What this means in plain English
If your organisation uses Arista switches with these tunnel features enabled, attackers could exploit this flaw to send harmful or unauthorised data through your network. This could disrupt your network or expose sensitive information. Even if you do not use these specific tunnel features, it is important to confirm your setup to be sure.
3. Could this affect a small business?
Small businesses using Arista switches with VXLAN, GRE, or similar tunnel configurations could be affected. If your network does not use these tunnel features or you do not have Arista switches, this vulnerability likely does not affect you. Ask your IT provider to confirm.
4. What to do now
- Ask your IT provider if your network uses Arista EOS switches with tunnel decapsulation features like VXLAN or GRE.
- If affected, follow Arista’s vendor instructions to apply any available mitigations or updates promptly.
- If no mitigation is available, consider discontinuing use of the vulnerable product until it is fixed.
- Review your network configurations to ensure only necessary tunnel features are enabled and monitored.
5. Ask your IT provider
Can you confirm if our network uses Arista EOS switches with VXLAN, GRE, or similar tunnel decapsulation features, and if so, have we applied the latest mitigations for CVE-2026-7473?
6. Bottom line
Check your Arista network equipment now and apply fixes to prevent attackers from exploiting this known vulnerability.
Information based on CISA KEV, NVD and reputable security reporting.