CVE-2026-7473

CVE-2026-7473 affects Arista EOS tunnel decapsulation: VXLAN, GRE, IP-in-IP, GUE, and decap-groups can cause decapsulation of non-configured tunnel traffic when the destination IP matches the configured decap IP. Root cause: the switch does not verify the tunnel protocol type, enabling unintended...

EUVD-2026-34858

On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN Virtual Extensible LAN, decap-groups, or a GRE Generic Routing Encapsulation tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a...