Improper Certificate Validation in Arista Extensible Operating System (EOS) - CVE-2026-52896
Published: June 24, 2026
Arista Extensible Operating System (EOS)
Detailed vulnerability description
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to improper certificate validation in the Streaming Telemetry Agent (TerminAttr) when using grpc tunnel. A remote attacker can present a certificate that is improperly validated to disclose sensitive information.
Only certain configurations using grpc tunnel are vulnerable.