The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added multiple vulnerabilities to its Known Exploited Vulnerabilities catalog, including flaws in Cisco Catalyst SD-WAN, Arista Extensible Operating System (EOS), and Google Chromium V8. Notably, the Arista EOS vulnerability, tracked as CVE-2026-7473, has a CVSS score of 6.9 and is considered an Incomplete Comparison with Missing Factors Vulnerability. This addition to the catalog indicates that these vulnerabilities are being actively exploited by threat actors, emphasizing the need for prompt mitigation. The inclusion of these flaws in the KEV catalog signifies a heightened risk, as CISA only adds vulnerabilities that have been confirmed to be exploited in the wild1. This development matters to security practitioners because it highlights the urgency of applying patches or implementing workarounds to prevent potential attacks, particularly for organizations using affected products.
U.S. CISA adds Cisco Catalyst SD-WAN, Arista Extensible Operating System (EOS), and Google Chromium V8 flaws to its Known Exploited Vulnerabilities catalog
⚠️ Critical Alert
Why This Matters
CVE-2026-7473 is in active discussion involving CISA — exploitation status determines whether this is patch-now or monitor.
References
- SecurityAffairs. (2026, June 10). U.S. CISA adds Cisco Catalyst SD-WAN, Arista Extensible Operating System (EOS), and Google Chromium V8 flaws to its Known Exploited Vulnerabilities catalog. *SecurityAffairs*. https://securityaffairs.com/193464/security/u-s-cisa-adds-cisco-catalyst-sd-wan-arista-extensible-operating-system-eos-and-google-chromium-v8-flaws-to-its-known-exploited-vulnerabilities-catalog.html
Original Source
SecurityAffairs
Read original →