Question 1

What is CVE-2026-7473 — Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability?

Accepted Answer

Arista Extensible Operating System (EOS) contains an incomplete comparison with missing factors vulnerability when the switch incorrectly decapsulate and forwards other unexpected tunneled packet with a destination IP matching its configured decapsulation IP.

Question 2

What is the authoritative source for CVE-2026-7473?

Accepted Answer

Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability (CVE-2026-7473) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

CVSS	5.8 ()
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
EPSS	0.38% probability of exploitation · percentile 29.4% · 2026-06-19T12:03:05Z
Last modified	2026-06-09

CVE-2026-7473Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability

Description

Scoring

CISA KEV entry

Related by meaning· 6