CVE-2026-22321
Received
Received - Intake
Stack-Based Buffer Overflow in Telnet/SSH CLI Causes Session Crash
Publication date: 2026-03-18
Last updated on: 2026-03-18
Assigner: CERT VDE
Description
Description
A stack-based buffer overflow in the device's Telnet/SSH CLI login routine occurs when a unauthenticated attacker send an oversized or unexpected username input. An overflow condition crashes the thread handling the login attempt, forcing the session to close. Because other CLI sessions remain unaffected, the impact is limited to a lowβseverity availability disruption.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| phoenix_contact | fl_switch | to 3.53 (exc) |
| phoenix_contact | fl_switch | 3.53 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
