Exposure of Resource to Wrong Sphere in Arista Extensible Operating System (EOS) - CVE-2026-52898
Published: June 24, 2026
Arista Extensible Operating System (EOS)
Detailed vulnerability description
The vulnerability allows a remote user to disclose unintended data.
The vulnerability exists due to exposure of a resource to the wrong sphere in the Streaming Telemetry Agent (TerminAttr) when processing a specially crafted sequence of packets. A remote user can send such a sequence of packets to disclose unintended data.
A device is affected only when the agent is configured to stream to CloudVision and runs with the -cveapimode=queued flag.
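Both conditions can be checked against a saved running-config; the following is an added example, not code from Arista or from the original advisory. It assumes the agent is configured in a `daemon TerminAttr` block with an `exec` line, that a `-cvaddr` flag on that line indicates streaming to CloudVision, and that flags use Go-style syntax (`-flag=value`, `--flag value`); the sample config is constructed.

```python
import shlex

# Constructed sample of `show running-config` output (not from a real device).
SAMPLE_CONFIG = """\
hostname leaf1
!
daemon TerminAttr
   exec /usr/bin/TerminAttr -cvaddr=192.0.2.10:9910 -cvauth=token,/tmp/token -cveapimode=queued -taillogs
   no shutdown
!
interface Management1
   ip address 192.0.2.20/24
"""

def parse_flags(args):
    """Parse Go-style flags: -f=v, --f=v, -f v, or a bare boolean -f."""
    flags, i = {}, 0
    while i < len(args):
        arg = args[i]
        i += 1
        if not arg.startswith("-"):
            continue
        name, sep, value = arg.lstrip("-").partition("=")
        if not sep:
            if i < len(args) and not args[i].startswith("-"):
                value = args[i]      # "-flag value" form
                i += 1
            else:
                value = "true"       # bare boolean flag
        flags[name] = value
    return flags

def terminattr_flags(config_text):
    """Return {flag: value} from the TerminAttr exec line, or None if absent."""
    in_block = False
    for line in config_text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):  # a top-level line opens or closes a block
            in_block = line.strip() == "daemon TerminAttr"
        elif in_block and line.strip().startswith("exec "):
            return parse_flags(shlex.split(line.strip())[2:])  # skip exec + path
    return None

def meets_advisory_conditions(config_text):
    """True when both conditions named in the advisory are present."""
    flags = terminattr_flags(config_text)
    if flags is None:
        return False
    # Assumption: a non-empty -cvaddr means the agent streams to CloudVision.
    return bool(flags.get("cvaddr")) and flags.get("cveapimode") == "queued"
```

A device whose config returns `False` here may still run TerminAttr; the check only reports whether the specific configuration the advisory describes is in place.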