By vendor

Arista vulnerabilities

Known CVEs affecting Arista products, prioritized by severity, with SEC.co remediation and detection guidance.

5 published vulnerabilities

  • CVE-2026-25620MEDIUM 6.0

    A command injection flaw exists in Arista's Next Generation Firewall (NGFW) captive portal feature, allowing a high-privilege user to inject commands through what should be an encrypted password field. The vulnerability is present only in version 17.4.0. While it requires authenticated administrative access to exploit, successful attacks could compromise system integrity and confidentiality.

  • CVE-2026-25621MEDIUM 6.0

    Arista's Edge Threat Management NGFW version 17.4.0 contains a weakness in how its Reports application validates user input. An authenticated attacker with high-level permissions could potentially inject malicious commands through the Reports interface, leading to unauthorized access to sensitive data or limited system integrity compromise. Earlier versions are not affected.

  • CVE-2026-25622MEDIUM 6.0

    A vulnerability in Arista's Next Generation Firewall (NGFW) allows an authenticated administrator to inject arbitrary shell commands through the Captive Portal Custom Handler feature. An attacker with valid admin credentials can exploit improper input validation to execute system-level commands on the firewall, potentially compromising the security appliance itself.

  • CVE-2026-25623MEDIUM 6.0

    Arista's Next Generation Firewall (NGFW) contains a command execution vulnerability in its browser-based management interface. An authenticated administrator with legitimate access to the firewall's web console can inject malicious input into the management pipeline, allowing them to execute arbitrary operating system commands on the underlying system. This bypasses normal administrative controls and grants attacker-level terminal access.

  • CVE-2026-25624MEDIUM 5.7

    A cross-site scripting (XSS) vulnerability exists in Arista Next Generation Firewall's administrative dashboard. An attacker with administrative credentials can inject malicious code into web form fields that are then reflected back to other administrators viewing the dashboard, potentially allowing them to steal session tokens, modify firewall rules, or perform other administrative actions on behalf of legitimate users. This is a stored or reflected XSS issue that requires an attacker to have already compromised an admin account or trick an admin into clicking a malicious link.