🔥 This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)
CVE-2026-7473: Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability
Summary
Arista Extensible Operating System (EOS, network switching software) has a vulnerability where the switch incorrectly unwraps and forwards tunneled packets (data wrapped in another protocol for transmission) that match its decapsulation IP address, allowing unexpected traffic to pass through. This flaw is currently being exploited by attackers in real-world attacks.
Solution / Mitigation
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. See Arista's security advisory at https://www.arista.com/en/support/advisories-notices/security-advisory/24005-security-advisory-0137
Vulnerability Details
EPSS: 0.0%
Yes
🔥 Actively Exploited
June 8, 2026
Classification
Taxonomy References
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-7473
First tracked: June 9, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 95%