CVE-2026-7473: Arista Extensible Operating System Incomplete Comparison

Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability. Arista Extensible Operating System (EOS) contains an incomplete comparison with missing factors vulnerability when the switch incorrectly decapsulate and forwards other unexpected tunneled packet with a destination IP matching its configured decapsulation IP.

• CISA KEV-listed (remediation due 2026-06-23)
• EPSS 22.5% (96.0% percentile)

Browse the CVE database

Read the full analysis on IntelFusions