Hackers are exploiting a zero-day vulnerability (CVE-2026-7473) in Arista's Extensible Operating System (EOS), affecting specific high-performance switch models, which allows unauthorized tunnel traffic processing without a patch available. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities list, urging federal agencies to mitigate it promptly.
The most pressing insight for your focus on cybersecurity and threat intelligence is the exploitation of a zero-day vulnerability in Arista Extensible Operating System (EOS), tracked as CVE-2026-7473. This vulnerability won't receive a patch due to configuration risks, and mitigation instructions have been provided instead. With the U.S. cybersecurity agency CISA adding it to its Known Exploited Vulnerabilities list, it's crucial for security teams to implement the recommended mitigations promptly to protect affected data center, cloud, and enterprise environments.