Vendor scorecard
Arista
Data-center and campus switching built on a single EOS image across the portfolio.
CPE: arista
Product families
3
Open in latest
19
Inferred — see methodology
Last disclosure
Jun 5, 2026
01
Product categories
3 trackedCVE volume, severity mix and the inferred latest shipping version per category.
| Category | CVEs | Volume | Severity mix | Open | Inferred latest |
|---|---|---|---|---|---|
| EOSRouting & Switchingeos, eos_xi | 1 | 16 | 4.32.1fHIGH | ||
| CloudVisionNetwork Management & Monitoringcloudvision_portal, cloudvision_wifi | 1 | 3 | 2026.1.0HIGH | ||
| WirelessWireless LANc-200, c-230, c-250… | 0 | 0 | unknown |
02
Recent CVEs
2 shownMost recently published, newest first. Each ID links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2026-7473(opens NVD record) | Medium | 5.8 | On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a destination IP matching its configured decapsulation IP. This occurs because the switch does not verify the tunnel protocol type, potentially leading to the unexpected processing of non-configured tunnel traffic. This issue has been reported as being exploited in the wild. | Jun 5, 2026 |
| CVE-2026-31431(opens NVD record) | High | 7.8 | In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly. | Apr 22, 2026 |
2 CVEs · 3 product families