CVE-2026-7473

On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN Virtual Extensible LAN, decap-groups, or a GRE Generic Routing Encapsulation tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a...

CVE-2026-9054

An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger a kernel panic...

EUVD-2026-34858

On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN Virtual Extensible LAN, decap-groups, or a GRE Generic Routing Encapsulation tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a...

CVE-2026-7473 Arista EOS Unexpected Tunnel Protocol Decapsulation and Forwarding Bypass

On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN Virtual Extensible LAN, decap-groups, or a GRE Generic Routing Encapsulation tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a...

CVE-2026-7473

CVE-2026-7473 affects Arista EOS devices where a tunnel decapsulation config (VXLAN, decap-groups, GRE) can cause the switch to decapsulate and forward unintended tunneled packets whose destination matches the decap IP. Root cause: lack of verification of the tunnel protocol type leading to proce...

CVE-2026-9054

An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger a kernel panic...

EUVD-2026-31403

An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger a kernel panic...

PT-2026-42721

An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger a kernel panic...

CVE-2026-43456

A flaw was found in the Linux kernel's bonding driver. When a non-Ethernet device, such as a Generic Routing Encapsulation GRE tunnel, is added to a bond, a type confusion vulnerability occurs. This happens because the bonding driver incorrectly copies network header operations from the slave...

PT-2026-46983

Name of the Vulnerable Software and Affected Versions Arista EOS affected versions not specified Description On platforms where tunnel decapsulation configurations such as VXLAN Virtual Extensible LAN, decap-groups, or a GRE Generic Routing Encapsulation tunnel interface are present, the switch...

Security Advisory 0137

Security Advisory 0137 PDF Date: May 5, 2026 Revision | Date | Changes ---|---|--- 1.0 | May 5, 2026 | Initial release 1.1 | May 7, 2026 | Clarified 7280R3, 7500R3 and 7800R3 exposure is limited 1.2 | May 13, 2026 | Updated Mitigation section with a note of caution 1.3 | May 20, 2026 | Updated...

VulnCheck KEV: CVE-2026-7473

On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN Virtual Extensible LAN, decap-groups, or a GRE Generic Routing Encapsulation tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a...

CVE-2026-23276

A flaw was found in the Linux kernel. When a bond device in broadcast mode has Generic Routing Encapsulation GRE tap interfaces configured as slaves, and these GRE tunnels are routed back through the bond, multicast or broadcast network traffic can trigger an infinite recursion. This recursion...

CVE-2026-23276

In the Linux kernel, the following vulnerability has been resolved: net: add xmit recursion limit to tunnel xmit functions Tunnel xmit functions iptunnelxmit, ip6tunnelxmit lack their own recursion limit. When a bond device in broadcast mode has GRE tap interfaces as slaves, and those GRE tunnels...

ROS-20260128-73-0020

A vulnerability in the net/ipv4/ipgre.c and net/ipv6/ip6gre.c modules of the Linux operating system kernel is related to resource management errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVE-2026-21906

An Improper Handling of Exceptional Conditions vulnerability in the packet forwarding engine PFE of Juniper Networks Junos OS on SRX Series allows an unauthenticated network-based attacker sending a specific ICMP packet through a GRE tunnel to cause the PFE to crash and restart. When PowerMode...

CVE-2026-21906

CVE-2026-21906 overview (Junos OS SRX Series) A vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series can be triggered by a specific ICMP packet routed through a GRE tunnel when PowerMode IPsec (PMI) and GRE performance acceleration are enabled. An unauthe...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989720)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989720 advisory. In the Linux kernel, the following vulnerability has been resolved: ipgre: test csumstart instead of transport header GRE with TUNNELCSUM will apply local checksum...

EUVD-2025-27871

Malicious code in bioql PyPI...

The vulnerabilities in the modules net/ipv4/ip_gre.c and net/ipv6/ip6_gre.c of the Linux kernel allow a hacker to cause a service failure.

The vulnerability in the net/ipv4/ipgre.c and net/ipv6/ip6gre.c modules of the Linux kernel is related to resource management errors. Exploiting this vulnerability can allow an attacker to cause service failures...