CISA KEV Update: Active Exploitation of Google Chrome, Arista EOS, and Cisco Systems
CISA has updated its Known Exploited Vulnerabilities (KEV) catalog to include critical flaws in Google Chrome, Arista EOS, and Cisco Systems, confirming that these vulnerabilities are being actively exploited rather than remaining theoretical risks. The Chrome vulnerabilities are sandbox escapes, addressed in the Stable Channel 149 update, that allow an attacker to gain host-level code execution from the browser process. At the same time, critical flaws in Arista EOS and Cisco networking hardware provide vectors for network-wide interception, disruption, and lateral movement. Immediate remediation via vendor patches is mandatory for federal agencies and critical for enterprise environments to reduce the risk of a perimeter breach followed by internal escalation.
Arista Networks EOS: Unexpected Tunnel Protocol Decapsulation and Forwarding Bypass (CVE-2026-7473)
CVE-2026-7473 is a critical vulnerability in Arista EOS caused by insufficient packet validation during the decapsulation of tunnel protocol traffic. An attacker can send packets with specially crafted VXLAN or GRE headers that cause the device to skip protocol verification, decapsulate the inner packet, and forward it into restricted network segments. The flaw therefore allows a complete bypass of network segmentation and isolation controls, enabling unauthorized lateral movement across secure zones. CISA has confirmed active exploitation in the wild, so an immediate upgrade to the fixed EOS versions listed in Arista Security Advisory 24005-0137 is required to prevent unauthorized access to protected environments.
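The kind of decapsulation checks the advisory text implies, as an added illustration (this is not Arista's code and does not reproduce the vulnerable logic): a strict VXLAN (RFC 7348) and GRE (RFC 2784) header validator combined with a trusted-peer and VNI allow-list, so that a malformed or unexpected tunnel header is dropped rather than forwarded into an internal segment. The peer addresses, VNIs, segment names and sample headers are constructed assumptions, not values from the advisory.

```python
import struct

# Constructed policy (not from the advisory): trusted tunnel endpoints and
# the VNI -> internal segment allow-list a decapsulating device enforces.
TRUSTED_PEERS = {"10.0.0.2"}
VNI_TO_SEGMENT = {1001: "corp", 1002: "dmz"}
VXLAN_FLAG_I = 0x08  # RFC 7348: only the "I" (VNI valid) bit may be set

# Constructed samples: a well-formed VNI 1001 header and one with an undefined flag bit set.
GOOD_VXLAN = bytes([0x08, 0, 0, 0]) + (1001).to_bytes(3, "big") + b"\x00"
BAD_VXLAN = bytes([0x88, 0, 0, 0]) + (1001).to_bytes(3, "big") + b"\x00"

def parse_vxlan(hdr: bytes) -> int:
    """Strictly parse an 8-byte VXLAN header; return the VNI or raise ValueError."""
    if len(hdr) < 8:
        raise ValueError("truncated VXLAN header")
    if hdr[0] != VXLAN_FLAG_I:
        raise ValueError(f"unexpected VXLAN flags 0x{hdr[0]:02x}")
    if hdr[1:4] != b"\x00\x00\x00" or hdr[7] != 0:
        raise ValueError("non-zero reserved bits in VXLAN header")
    return int.from_bytes(hdr[4:7], "big")

def parse_gre(hdr: bytes) -> int:
    """Strictly parse a GRE header (RFC 2784); return the protocol type or raise."""
    if len(hdr) < 4:
        raise ValueError("truncated GRE header")
    word, proto = struct.unpack("!HH", hdr[:4])
    if (word >> 3) & 0x0FFF or word & 0x7:  # Reserved0 and Version must be zero
        raise ValueError("GRE Reserved0/Version must be zero")
    if word & 0x8000:  # C bit set: 2-byte checksum + 2-byte Reserved1 follow
        if len(hdr) < 8 or hdr[6:8] != b"\x00\x00":
            raise ValueError("bad GRE checksum/Reserved1 fields")
    return proto

def decap_decision(src_ip: str, tunnel: str, hdr: bytes) -> str:
    """Return the segment a decapsulated packet may enter, or 'drop'."""
    # Trusted peer, strictly valid header, explicit allow-list; anything else drops.
    if src_ip not in TRUSTED_PEERS:
        return "drop"
    try:
        if tunnel == "vxlan":
            return VNI_TO_SEGMENT.get(parse_vxlan(hdr), "drop")
        if tunnel == "gre":
            return "transit" if parse_gre(hdr) == 0x0800 else "drop"  # 0x0800 = IPv4
    except ValueError:
        pass
    return "drop"
```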