CVE-2026-22323
Status: Received - Intake
CSRF Vulnerability in Link Aggregation Interface Allows Unauthorized Configuration Changes

Publication date: 2026-03-18

Last updated on: 2026-03-18

Assigner: CERT VDE

Description
A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by luring them to a malicious webpage. This can silently alter the device’s configuration without the victim’s knowledge or consent. Availability impact was set to low because after a successful attack the device will automatically recover without external intervention.
Meta Information
Published: 2026-03-18
Last Modified: 2026-03-18
Generated: 2026-06-16
AI Q&A: 2026-03-18
EPSS Evaluated: 2026-06-15
Cross-references: NVD, EUVD
Affected Vendors & Products
Showing 4 associated CPEs. The range "to 3.53 (exc)" means every version before 3.53; 3.53 itself is not affected.

Vendor            Product               Version / Range
phoenix_contact   fl_switch             < 3.53
phoenix_contact   fl_switch_2xxx        < 3.53
phoenix_contact   fl_switch_tsn_23xx    < 3.53
phoenix_contact   fl_switch_59xx        < 3.53
CWE
CWE-352 (Cross-Site Request Forgery): The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
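The Description and the CWE-352 entry above state the weakness in words: the device accepts a state-changing POST whenever the browser attaches a valid session cookie, and a browser attaches that cookie to a form auto-submitted from an attacker's page too. The following is an added example written for this page, not Phoenix Contact's code and not the 3.53 fix; ALLOWED_HOSTS, the session dictionary, the form fields and every request header in it are constructed. It shows the server-side check a configuration endpoint needs to close that gap, Origin/Referer validation combined with a per-session synchronizer token, and runs it over a genuine submission, a cross-site auto-submitted form, a request with both headers stripped, and a guessed token.

```python
import hmac
import secrets
from typing import Optional
from urllib.parse import urlsplit

# Hosts under which the device's web UI is legitimately reached.
# Assumed values for this example; a real device would derive them from
# its configured addresses and hostnames.
ALLOWED_HOSTS = {"192.0.2.10", "switch.example.internal"}


def issue_csrf_token(session: dict) -> str:
    """Mint a per-session synchronizer token and remember it server-side.

    The page that renders the configuration form embeds this token in a
    hidden field. A page on another origin cannot read it, so it cannot
    build a POST that carries it.
    """
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def _source_host(headers: dict) -> Optional[str]:
    """Hostname from Origin, falling back to Referer; None if neither is usable.

    A submission from an opaque origin arrives as "Origin: null", which
    urlsplit() parses to no hostname, so it is treated like a missing header.
    """
    for name in ("Origin", "Referer"):
        value = headers.get(name)
        if value:
            host = urlsplit(value).hostname
            if host:
                return host
    return None


def is_forged(headers: dict, form: dict, session: dict) -> tuple:
    """Decide whether a state-changing POST must be rejected as cross-site.

    Returns (forged, reason). The request passes only if it comes from an
    allowed origin AND carries the session's synchronizer token. The session
    cookie is deliberately not consulted: a browser sends it on a cross-site
    form POST as well (absent SameSite), which is exactly why the cookie alone
    cannot tell a forged request from a genuine one.
    """
    source = _source_host(headers)
    if source is None:
        # Referer may be stripped by policy; refusing is the safe default
        # for a request that changes configuration.
        return True, "no Origin or Referer header"
    if source not in ALLOWED_HOSTS:
        return True, "cross-site origin: " + source
    expected = session.get("csrf_token", "")
    submitted = form.get("csrf_token", "")
    # Constant-time comparison on bytes; compare_digest rejects non-ASCII str.
    if not expected or not hmac.compare_digest(expected.encode(), submitted.encode()):
        return True, "missing or mismatched CSRF token"
    return False, "ok"


def demo() -> dict:
    """Run the check over constructed requests (not captured traffic)."""
    session = {"user": "admin"}
    token = issue_csrf_token(session)
    cookie = {"Cookie": "sessionid=constructed-example"}
    # Legitimate submission of the device's own configuration form.
    genuine = is_forged({**cookie, "Origin": "http://192.0.2.10"},
                        {"lag_members": "1,2", "csrf_token": token}, session)
    # Auto-submitted <form method="POST"> on an attacker page the victim visited:
    # the browser still sends the cookie, but Origin names the attacker's site
    # and the hidden token is unknown to the attacker.
    cross_site = is_forged({**cookie, "Origin": "https://attacker.example"},
                           {"lag_members": "1,2"}, session)
    # Request that reaches the device with both Origin and Referer stripped.
    no_origin = is_forged(cookie, {"lag_members": "1,2", "csrf_token": token}, session)
    # Allowed host (seen via Referer only) but a guessed token.
    bad_token = is_forged({**cookie, "Referer": "http://switch.example.internal/lag"},
                          {"lag_members": "1,2", "csrf_token": "guess"}, session)
    return {"genuine": genuine, "cross_site": cross_site,
            "no_origin": no_origin, "bad_token": bad_token}


if __name__ == "__main__":
    for name, (forged, reason) in demo().items():
        print(f"{name:10s} forged={forged} ({reason})")
```

Only the cross-site case is the scenario this CVE describes; the other two rejections show the edge cases a practitioner has to decide on, a request with no usable source header and a request from the right host with a wrong token. Marking the session cookie SameSite=Lax or Strict is worthwhile defence in depth, but it depends on the victim's browser, whereas the origin and token checks are enforced by the device. For the affected FL SWITCH models the remedy remains the firmware update to 3.53 described in the mitigation section.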
AI Quick Actions
Mitigation Strategies

To mitigate the CVE-2026-22323 vulnerability, users should update the firmware of affected Phoenix Contact FL SWITCH devices to version 3.53 or later.

This update resolves the Cross-Site Request Forgery (CSRF) vulnerability in the Link Aggregation configuration interface that allows unauthorized configuration changes.

Executive Summary

CVE-2026-22323 is a Cross-Site Request Forgery (CSRF) vulnerability in the Link Aggregation configuration interface of Phoenix Contact FL SWITCH devices. It allows an unauthenticated remote attacker to trick authenticated users into unknowingly sending unauthorized POST requests by luring them to a malicious webpage. The forged requests can silently alter the device's configuration without the victim's knowledge or consent.

Impact Analysis

An attacker who exploits this vulnerability can change the configuration of your Phoenix Contact FL SWITCH device without your knowledge or consent. Although the device recovers automatically after a successful attack, the unauthorized configuration changes could temporarily disrupt network operations or security settings. The integrity of the device's configuration is compromised; confidentiality is not affected, and the availability impact is low.
