Eos
This hub aggregates every CVE we track for Eos, a product in the networking infrastructure space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 76
- Critical: 15
- High: 22
- In CISA KEV: 3
Severity distribution
MEDIUM 33, HIGH 22, CRITICAL 15, LOW 6
Monthly trend
2024-07 to 2026-06: 1, 0, 0, 0, 0, 0, 2, 0, 4, 0, 5, 0, 0, 2, 0, 0, 1, 1, 1, 0, 0, 0, 0, 8
Latest CVEs
The 15 most recently published vulnerabilities affecting Eos.
- CVE-2026-2379 | Arista EOS IPsec Tunnel Sequence Number Mismatch via Interface Flaps when Anti-Replay is Disabled | 5.9
- CVE-2026-7473 | Arista EOS Unexpected Tunnel Protocol Decapsulation and Forwarding Bypass | KEV | 5.8
- CVE-2025-8873 | Arista EOS Dataplane Denial of Service via Malformed IPsec Packet | 7.5
- CVE-2023-5502 | On affected platforms running Arista EOS with 802.1x authentication configured on the access/trunk ports, a malicious supplicant may bypass authentication. | 5.9
- CVE-2024-27892 | On affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected (SSL Profiles Enabled). | 9.6
- CVE-2024-27890 | On affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected (No SSL Profiles Enabled). | 9.6
- CVE-2024-27891 | On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports. | 5.3
- CVE-2024-6858 | In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device in the fallback VLAN. | 6.5
- CVE-2025-7048 | On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain MACsec configurations can cause longer term disruption o | 4.3
- CVE-2025-8872 | A specially crafted packet can cause the OSPFv3 process to have high CPU utilization, which may result in the OSPFv3 process being restarted. | 6.5
- CVE-2025-8870 | On affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device. | 4.9
- CVE-2025-6188 | On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with LspPing Echo Reply. This can result in unexpected behaviors, especially for UDP based services that do n | 7.5
- CVE-2025-3456 | On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol specific encrypted secrets from the device running-c | 3.8
- CVE-2025-2826 | On affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets. | 2.6
- CVE-2025-2796 | On affected platforms with hardware IPSec support running Arista EOS with IPsec enabled and anti-replay protection configured, EOS may exhibit unexpected behavior in specific cases. Received duplicate encrypted packets, which should be dropped under normal | 5.3
Product normalization is registry-driven with AI assist and human review.