Securityaffairs

U.S. CISA adds Cisco Catalyst SD-WAN, Arista Extensible Operating System (EOS), and Google Chromium V8 flaws to its Known Exploited Vulnerabilities catalog



Pierluigi Paganini
June 10, 2026

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco Catalyst SD-WAN, Arista Extensible Operating System (EOS), and Google Chromium V8 flaws to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Cisco Catalyst SD-WAN, Arista Extensible Operating System (EOS), and Google Chromium V8 flaws to its Known Exploited Vulnerabilities (KEV) catalog.

The three flaws added to the catalog are:

  • CVE-2026-7473 (CVSS score v4.0 of 6.9) Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability
  • CVE-2026-11645 Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
  • CVE-2026-20245 (CVSS score v4.0 of 7.1) Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability

CVE-2026-7473 is a vulnerability in Arista EOS that affects systems configured for tunnel decapsulation (such as VXLAN, GRE, or decap-groups). It allows the switch to incorrectly process and forward unexpected tunneled packets if they match a configured decapsulation IP, without properly verifying the tunnel protocol type. As a result, traffic that was not intended for decapsulation can be accepted and handled, potentially leading to traffic misrouting or security bypass. The issue has also been reported as being actively exploited in the wild.
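
A simplified model of the incomplete comparison described above, as an added example that is not Arista's code or part of the original article: the decap table, function names and sample packets are assumptions constructed for illustration. It contrasts a match on the decapsulation IP alone with a match on IP plus tunnel protocol type, and lists the packets on which the two checks disagree.

```python
from dataclasses import dataclass
from typing import Optional

# IANA protocol numbers and the IANA-assigned VXLAN UDP port.
IPPROTO_IPIP, IPPROTO_UDP, IPPROTO_GRE = 4, 17, 47
VXLAN_UDP_PORT = 4789

@dataclass(frozen=True)
class Packet:
    dst_ip: str
    ip_proto: int
    udp_dport: Optional[int] = None

def tunnel_type(pkt):
    """Classify the outer header; None means it is not a tunnel type modelled here."""
    if pkt.ip_proto == IPPROTO_GRE:
        return "gre"
    if pkt.ip_proto == IPPROTO_UDP and pkt.udp_dport == VXLAN_UDP_PORT:
        return "vxlan"
    if pkt.ip_proto == IPPROTO_IPIP:
        return "ipip"
    return None

# Hypothetical decap configuration: decap IP -> tunnel type configured for it.
DECAP_CONFIG = {"192.0.2.10": "vxlan", "192.0.2.20": "gre"}

def decap_incomplete(pkt, config=DECAP_CONFIG):
    """Incomplete comparison: any tunneled packet to a decap IP is accepted."""
    return pkt.dst_ip in config and tunnel_type(pkt) is not None

def decap_complete(pkt, config=DECAP_CONFIG):
    """Complete comparison: decap IP and tunnel protocol type must both match."""
    expected = config.get(pkt.dst_ip)
    return expected is not None and tunnel_type(pkt) == expected

def unexpected_decaps(packets, config=DECAP_CONFIG):
    """Packets the incomplete check accepts but the complete check rejects."""
    return [p for p in packets
            if decap_incomplete(p, config) and not decap_complete(p, config)]

# Constructed sample traffic (RFC 5737 documentation addresses).
SAMPLE = [
    Packet("192.0.2.10", IPPROTO_UDP, VXLAN_UDP_PORT),  # VXLAN to VXLAN decap IP
    Packet("192.0.2.10", IPPROTO_GRE),                  # GRE to VXLAN decap IP
    Packet("192.0.2.20", IPPROTO_IPIP),                 # IP-in-IP to GRE decap IP
    Packet("192.0.2.20", IPPROTO_GRE),                  # GRE to GRE decap IP
    Packet("198.51.100.5", IPPROTO_GRE),                # not a configured decap IP
]

if __name__ == "__main__":
    for p in unexpected_decaps(SAMPLE):
        print("decapsulated only by the incomplete check:", p)
```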

The second flaw added to the catalog, tracked as CVE-2026-11645, is an out-of-bounds memory access in the V8 JavaScript engine. Out-of-bounds memory access occurs when a program reads from or writes to a memory location outside the boundaries of an allocated buffer, array, or memory region. Such flaws could lead to denial of service conditions (application crashes), privilege escalation, or remote code execution (RCE). This flaw is the fifth Chrome zero-day that is being exploited in the wild in 2026. As usual, Google did not share technical details about the attacks exploiting this vulnerability.

The third flaw added to the catalog, tracked as CVE-2026-20245, is a privilege escalation flaw in Cisco Catalyst SD-WAN Manager, the platform formerly known as SD-WAN vManage. An authenticated local attacker can trigger the vulnerability to run arbitrary commands as root. No patch is out, and no workaround exists. The mechanics are straightforward: bad input validation. Although the flaw requires netadmin privileges, attackers can obtain them using stolen credentials or by exploiting previously disclosed vulnerabilities such as CVE-2026-20182 and CVE-2026-20127.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix the vulnerabilities by June 23, 2026.
