CISA Adds Cisco, Chrome and Arista Flaws to KEV; No Arista Patch
CISA added three actively exploited flaws to its KEV list: Cisco Catalyst SD‑WAN (CVE‑2026‑20245), Chrome V8 (CVE‑2026‑11645) and Arista EOS (CVE‑2026‑7473); Arista will not issue a patch.
The U.S. Cybersecurity and Infrastructure Security Agency on Tuesday added three vulnerabilities to its Known Exploited Vulnerabilities catalog after reports of in‑the‑wild exploitation. The entries are CVE‑2026‑20245 in Cisco Catalyst SD‑WAN Manager, CVE‑2026‑11645 in Google Chrome V8 and CVE‑2026‑7473 in Arista Extensible Operating System.
CVE‑2026‑11645 in Chrome’s V8 engine carries a CVSS score of 8.8 and can allow a remote attacker to execute arbitrary code inside the browser sandbox through a crafted HTML page. CVE‑2026‑20245 in Cisco Catalyst SD‑WAN Manager has a score of 7.8 and results from improper encoding or escaping of output; an authenticated local user can run commands as root by supplying a crafted file. CVE‑2026‑7473 in Arista EOS is rated 6.9 and stems from an incomplete comparison that can cause the switch to process unexpected tunneled traffic.
Arista reported that the EOS issue affects platforms using tunnel decapsulation configurations such as VXLAN VTEP, decap‑groups or GRE tunnel interfaces, and primarily impacts 7020R, 7280R/R2 and 7500R/R2 series switches. Exploitation requires the device to be configured as a tunnel endpoint with a decapsulation IP. Arista credited Comcast researchers Scott Christiansen, Lukas Peitz, Rich Compton and Jonathan Davis for the disclosure and confirmed the vulnerability has been exploited in the wild.
Arista declined to produce a software patch for CVE‑2026‑7473, saying changes intended to block the behavior could disrupt existing customer configurations. The vendor outlined two mitigation approaches, both based on access control lists: apply ACL rules on upstream devices, or on the affected switches themselves, that either permit only legitimate tunnel traffic or explicitly block unexpected tunneled packets.
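The ACL mitigation described above, as an added illustration that is not Arista's published guidance and not taken from the advisory: it uses EOS-style ACL syntax and assumes a decapsulation address of 198.51.100.1 (placeholder), two known VXLAN peers and one known GRE peer (placeholders), and that the upstream-facing interface is Ethernet1. Only the traffic types the article names (VXLAN and GRE) are constrained; VXLAN is matched on its standard UDP port 4789.

```eos
! Allow-list of legitimate tunnel sources toward our decap IP (placeholder addresses),
! then drop any other tunneled traffic aimed at that IP, then pass everything else.
ip access-list TUNNEL-GUARD
   remark known VXLAN VTEP peers (constructed example addresses)
   10 permit udp host 192.0.2.10 host 198.51.100.1 eq 4789
   20 permit udp host 192.0.2.11 host 198.51.100.1 eq 4789
   remark known GRE tunnel peer (constructed example address)
   30 permit gre host 192.0.2.20 host 198.51.100.1
   remark unexpected tunneled traffic to the decap IP is dropped and logged
   40 deny udp any host 198.51.100.1 eq 4789 log
   50 deny gre any host 198.51.100.1 log
   remark non-tunnel traffic is unaffected by this mitigation
   60 permit ip any any
!
interface Ethernet1
   description upstream-facing link (assumed)
   ip access-group TUNNEL-GUARD in
```

The same list can be applied on an upstream router instead of the switch, which is the other placement Arista mentioned; in either case, verify the peer list against the actual VTEP and GRE configuration before deploying, because the deny entries will drop tunnel traffic from any peer that is missing from the allow-list. The `log` keyword on the deny entries gives a detection signal for unexpected tunneled packets in addition to blocking them.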
The Cisco SD‑WAN vulnerability requires an authenticated local account to trigger root command execution. The Chrome V8 defect permits remote code execution from a crafted web page. CISA assigned the three flaws to the KEV list to accelerate mitigation across federal and private networks and directed Federal Civilian Executive Branch agencies to apply vendor fixes or compensating controls by June 23, 2026.
CISA noted active exploitation and advised organizations to prioritize remediation. Inclusion on the KEV catalog identifies vulnerabilities with known exploitation so operators can focus resources on patching where fixes exist or implementing compensating controls when vendors do not provide patches.
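As an added example of the tracking that KEV inclusion is meant to drive, not part of the original article: a small Python triage script that reads a feed in the shape of CISA's KEV JSON catalog, keeps the entries for vendors present in an inventory, and computes how many days remain before each due date. The field names follow the published feed as the author of this example knows it; the embedded sample feed is constructed, with the CVE ids, vendors, products and the June 23, 2026 due date taken from the article and all other values (dateAdded, descriptions, notes) as illustrative placeholders.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed. Field names follow the
# published feed as far as I know; CVE ids, vendors, products and the due date
# come from the article, everything else is a placeholder.
SAMPLE_KEV_FEED = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "sample",
    "dateReleased": "2026-06-02T12:00:00.0000Z",
    "count": 3,
    "vulnerabilities": [
        {
            "cveID": "CVE-2026-20245",
            "vendorProject": "Cisco",
            "product": "Catalyst SD-WAN Manager",
            "vulnerabilityName": "placeholder name",
            "dateAdded": "2026-06-02",
            "shortDescription": "placeholder description",
            "requiredAction": "Apply mitigations per vendor instructions.",
            "dueDate": "2026-06-23",
            "knownRansomwareCampaignUse": "Unknown",
            "notes": "",
        },
        {
            "cveID": "CVE-2026-11645",
            "vendorProject": "Google",
            "product": "Chrome V8",
            "vulnerabilityName": "placeholder name",
            "dateAdded": "2026-06-02",
            "shortDescription": "placeholder description",
            "requiredAction": "Apply mitigations per vendor instructions.",
            "dueDate": "2026-06-23",
            "knownRansomwareCampaignUse": "Unknown",
            "notes": "",
        },
        {
            "cveID": "CVE-2026-7473",
            "vendorProject": "Arista",
            "product": "EOS",
            "vulnerabilityName": "placeholder name",
            "dateAdded": "2026-06-02",
            "shortDescription": "placeholder description",
            "requiredAction": "Apply mitigations per vendor instructions.",
            "dueDate": "2026-06-23",
            "knownRansomwareCampaignUse": "Unknown",
            "notes": "",
        },
    ],
})


def load_kev(feed_text):
    """Parse feed JSON text and return the list of vulnerability entries."""
    return json.loads(feed_text)["vulnerabilities"]


def triage(feed_text, vendors_in_use, today_iso):
    """Return the KEV entries for vendors in our inventory, earliest deadline first.

    vendors_in_use: iterable of vendor names (matched case-insensitively against
    the feed's vendorProject field). today_iso: today's date as YYYY-MM-DD.
    Each row carries days_left (negative once the due date has passed) and an
    overdue flag, which is what a remediation tracker needs to sort work by.
    """
    today = date.fromisoformat(today_iso)
    wanted = {v.lower() for v in vendors_in_use}
    rows = []
    for entry in load_kev(feed_text):
        if entry["vendorProject"].lower() not in wanted:
            continue
        due = date.fromisoformat(entry["dueDate"])
        rows.append({
            "cve": entry["cveID"],
            "vendor": entry["vendorProject"],
            "product": entry["product"],
            "due": entry["dueDate"],
            "required_action": entry["requiredAction"],
            "days_left": (due - today).days,
            "overdue": today > due,
        })
    # Earliest deadline first; CVE id as a stable tie-breaker.
    rows.sort(key=lambda r: (r["due"], r["cve"]))
    return rows


if __name__ == "__main__":
    # Example run: network gear from Cisco and Arista is in inventory, Chrome is not.
    for row in triage(SAMPLE_KEV_FEED, {"Cisco", "Arista"}, "2026-06-10"):
        state = "OVERDUE" if row["overdue"] else f"{row['days_left']} days left"
        print(f"{row['cve']:<16} {row['vendor']:<7} {row['product']:<24} {state}")
```

Against the live catalog the same function is called with the downloaded feed text in place of the sample. Entries whose required action points to vendor mitigations rather than a fix, as is the case for the Arista entry here, are the ones where a compensating control such as an ACL has to be recorded as the remediation evidence.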