Arista Extensible Operating System contains a flaw in packet decapsulation logic that may allow attackers to forward specially crafted tunneled packets by exploiting incomplete validation. The vulnerability affects network switches and requires vendor mitigations or product discontinuation. CISA has added this to the Known Exploited Vulnerabilities catalog with a June 2026 remediation deadline.

Why it matters in Western Canada: Energy, healthcare, and government organizations across Western Canada rely on Arista networking infrastructure for critical operations. Exploitation could compromise network segmentation and enable lateral movement within sensitive environments.

CVEs: CVE-2026-7473

---

Summary generated from the original advisory. Read the full source: cisa-kev