The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog with three security flaws affecting Cisco, Google (Chrome), and Arista products. The additions follow reports that these vulnerabilities are being actively exploited in the wild.
Details of the Newly Added Vulnerabilities
The vulnerabilities added to the KEV catalog are as follows:
- CVE-2026-20245: This vulnerability, with a CVSS score of 7.8, exists in Cisco Catalyst SD-WAN Manager. It arises from improper encoding or escaping of output, allowing an authenticated local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system.
- CVE-2026-11645: Assigned a CVSS score of 8.8, this flaw is found in Google Chrome’s V8 engine. It involves an out-of-bounds read and write issue that could enable a remote attacker to execute arbitrary code within a sandboxed environment via a specially crafted HTML page.
- CVE-2026-7473: With a CVSS score of 6.9, this vulnerability affects Arista’s Extensible Operating System (EOS). It stems from an incomplete comparison with missing factors, potentially leading to the processing of non-configured tunnel traffic.
Arista’s Response and Mitigation Strategies
Arista has acknowledged that CVE-2026-7473 has been exploited in the wild, crediting researchers from Comcast for responsibly disclosing the issue. The vulnerability primarily impacts the 7020R, 7280R/R2, and 7500R/R2 series products. Exploitation requires the device to be configured as a tunnel endpoint with a decapsulation IP, such as a VXLAN VTEP, a GRE tunnel endpoint, or an IP decap-group.
Despite the active exploitation, Arista has stated that no patches are planned for this vulnerability. The company cites potential risks to existing configurations as the reason for not releasing a patch. Instead, Arista recommends two broad mitigation approaches:
- Applying Access Control Lists (ACLs) on upstream devices to selectively allow only legitimate tunnel traffic or to block malicious tunnel traffic.
- Implementing ACLs on the devices where unexpected decapsulation is occurring to achieve the same selective traffic control.
These mitigation strategies aim to prevent the processing of unauthorized tunnel traffic without disrupting existing network configurations.
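As an added illustration (not code or configuration from Arista or from the article), the following Python check applies the "permit only legitimate tunnel traffic" intent of the recommended ACLs to flow records, so that an operator can test a proposed peer allow-list against exported flow logs before committing it to an upstream or local ACL. VXLAN over UDP/4789 and GRE as IP protocol 47 are real protocol constants; the flow-record layout, the decapsulation address, the peer list and the sample flows are constructed for this example.

```python
"""Flow-log audit that mirrors an ACL permitting only configured tunnel peers.

Added example; not Arista's code. Flow format, addresses and peers are
constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Iterable, List, Optional, Set

VXLAN_UDP_PORT = 4789   # IANA-assigned VXLAN destination port
GRE_PROTOCOL = 47       # IP protocol number for GRE
UDP_PROTOCOL = 17


@dataclass(frozen=True)
class Flow:
    """One exported flow record (constructed shape, not a vendor format)."""
    src: str
    dst: str
    proto: int
    dst_port: Optional[int] = None


def is_tunnel_traffic(flow: Flow) -> bool:
    """True for encapsulated traffic a decapsulation endpoint would process."""
    if flow.proto == GRE_PROTOCOL:
        return True
    return flow.proto == UDP_PROTOCOL and flow.dst_port == VXLAN_UDP_PORT


def evaluate(flow: Flow, decap_addresses: Set[str], permitted_peers: Iterable) -> str:
    """Return 'permit' or 'deny' for one flow.

    Policy: tunnel traffic aimed at a decapsulation IP is permitted only when
    its source falls inside a configured peer prefix; everything else is left
    alone so the ACL does not disturb unrelated traffic.
    """
    if flow.dst not in decap_addresses:
        return "permit"              # not aimed at a decap IP on this device
    if not is_tunnel_traffic(flow):
        return "permit"              # plain traffic, outside the ACL's scope
    src = ip_address(flow.src)
    if any(src in net for net in permitted_peers):
        return "permit"              # tunnel traffic from a configured peer
    return "deny"                    # tunnel traffic from a non-configured source


def audit(flows: Iterable[Flow], decap_addresses: Set[str], permitted_peers: Iterable) -> List[Flow]:
    """Return the flows the policy would drop: the ones worth investigating."""
    return [f for f in flows if evaluate(f, decap_addresses, permitted_peers) == "deny"]


# Constructed sample environment: one VTEP address and two legitimate peer ranges.
DECAP_ADDRESSES = {"10.0.0.1"}
PERMITTED_PEERS = [ip_network("10.10.0.0/24"), ip_network("10.20.0.5/32")]

# Constructed flow records standing in for an exported flow log.
SAMPLE_FLOWS = [
    Flow("10.10.0.7", "10.0.0.1", UDP_PROTOCOL, VXLAN_UDP_PORT),      # known VTEP peer
    Flow("198.51.100.9", "10.0.0.1", UDP_PROTOCOL, VXLAN_UDP_PORT),   # unexpected VXLAN source
    Flow("203.0.113.4", "10.0.0.1", GRE_PROTOCOL),                    # unexpected GRE source
    Flow("203.0.113.4", "10.0.0.1", 6, 22),                           # SSH, not tunnel traffic
    Flow("198.51.100.9", "10.0.0.2", UDP_PROTOCOL, VXLAN_UDP_PORT),   # not a decap IP here
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(evaluate(flow, DECAP_ADDRESSES, PERMITTED_PEERS), flow)
```

Running the block prints a verdict per flow; only the two tunnel flows from non-configured sources are denied, which is the behaviour the ACL should reproduce once translated into the platform's syntax. Keeping the peer list as prefixes rather than single hosts matches how VTEP or GRE peers are usually allocated, and the early "permit" for non-tunnel and non-decap traffic is deliberate so the filter is no wider than the mitigation requires.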
Implications and Recommendations
The inclusion of these vulnerabilities in CISA’s KEV catalog underscores the critical need for organizations to stay vigilant and proactive in addressing security flaws. Federal Civilian Executive Branch (FCEB) agencies have been directed to apply the necessary fixes or mitigations by June 23, 2026, to counter the threats posed by these vulnerabilities.
Organizations utilizing Cisco Catalyst SD-WAN Manager, Google Chrome, or Arista EOS should assess their systems for exposure to these vulnerabilities. Prompt application of patches where available, or implementation of recommended mitigations, is essential to safeguard against potential exploits. This proactive approach is vital in maintaining the security and integrity of network infrastructures.
As cyber threats continue to evolve, the timely identification and remediation of vulnerabilities remain paramount. Organizations are encouraged to monitor advisories from CISA and other authoritative sources to stay informed about emerging threats and to implement security measures accordingly.