CISA Updates Active Exploit Catalog: Cisco, Arista, and Chromium Vulnerabilities Added
- Jun 10
- 2 min read
Key Findings
CISA added three actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog, requiring immediate remediation across federal and enterprise networks
Cisco Catalyst SD-WAN Manager flaw (CVE-2026-20245) allows authenticated attackers to execute commands as root through improper input encoding
Google Chromium V8 memory vulnerability (CVE-2026-11645) enables remote code execution via malicious HTML pages with a critical 8.8 CVSS score
Arista EOS tunnel decapsulation weakness (CVE-2026-7473) processes unauthorized tunneled traffic; vendor declined to release patches due to configuration compatibility concerns
Federal agencies must implement fixes or mitigations by June 23, 2026
Background
The Cybersecurity and Infrastructure Security Agency maintains an active exploit catalog documenting real-world security threats that attackers are currently weaponizing. This catalog serves as a baseline security requirement for federal civilian agencies and private sector organizations. Real-time monitoring and timely patching of these vulnerabilities protects critical infrastructure and enterprise data from active infiltration attempts.
Cisco Catalyst SD-WAN Manager Root Privilege Escalation
The first critical addition tracks as CVE-2026-20245 with a CVSS score of 7.8. This command injection vulnerability affects Cisco Catalyst SD-WAN Manager components and stems from improper input encoding within the command-line interface. An authenticated local attacker can supply a crafted file to execute arbitrary commands with root privileges. Early investigations reveal limited but confirmed cases where adversaries have already pushed unauthorized configuration changes directly to edge hardware, demonstrating active exploitation in production environments.
Google Chromium V8 and Arista EOS Memory Defects
The remaining two vulnerabilities impact distinct enterprise infrastructure layers. CVE-2026-11645 is a critical out-of-bounds memory flaw in Google Chromium's V8 engine carrying a CVSS score of 8.8. Remote attackers can trigger arbitrary code execution within the browser sandbox using specially crafted HTML pages. Separately, Arista switches face CVE-2026-7473, a tunnel decapsulation weakness with a 6.9 CVSS score. The vulnerability allows switches to incorrectly decapsulate and forward unexpected tunneled packets because they lack protocol type verification. This primarily affects 7020R, 7280R/R2, and 7500R/R2 series products configured as tunnel endpoints.
Arista's Unconventional Patch Strategy
Notably, Arista announced it will not release patches for CVE-2026-7473, citing risks that updates could break existing customer configurations in active deployments. Instead, the company recommends applying access control lists on upstream devices or on affected switches themselves to selectively allow legitimate tunnel traffic or block malicious variants. This approach places responsibility on network administrators to implement compensating controls rather than relying on vendor-supplied fixes.
Mandatory Remediation Timeline
Federal agencies must implement patches or approved mitigations by June 23, 2026. Enterprise deployment teams should prioritize immediate software upgrades to eliminate exposure to these known exploited vulnerabilities. Continuous monitoring of perimeter logs helps identify unauthorized administrative interactions and suspicious tunnel traffic early, providing additional detection layers while patches are being deployed.
Sources
https://securityonline.info/cisa-active-exploit-catalog-additions/
https://thehackernews.com/2026/06/cisa-adds-cisco-chrome-and-arista-flaws.html
https://x.com/the_yellow_fall/status/2064528964744597714

Comments