Cleartext storage of sensitive information in Arista Extensible Operating System (EOS) - CVE-2026-11704
Published: June 24, 2026
Arista Extensible Operating System (EOS)
Detailed vulnerability description
The vulnerability allows a remote user to stream unexpected data to CloudVision.
The vulnerability exists due to cleartext storage of sensitive information in the Streaming Telemetry Agent (TerminAttr) when streaming to CloudVision. A remote privileged user can access the stored data to stream unexpected data to CloudVision.
The agent must be configured to stream to CloudVision for exploitation.