CVE-2026-22323
Status: Received - Intake
CSRF Vulnerability in Link Aggregation Interface Allows Unauthorized Configuration Changes

Publication date: 2026-03-18

Last updated on: 2026-03-18

Assigner: CERT VDE

Description
A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by luring them to a malicious webpage. This can silently alter the device’s configuration without the victim’s knowledge or consent. Availability impact was set to low because after a successful attack the device will automatically recover without external intervention.
Meta Information
Generated: 2026-05-07
AI Q&A: 2026-03-18
EPSS evaluated: 2026-05-05
Affected Vendors & Products (4 associated CPEs)

Vendor          Product                 Version / Range
phoenix_contact fl_switch               up to 3.53 (excluding 3.53)
phoenix_contact fl_switch_2xxx          up to 3.53 (excluding 3.53)
phoenix_contact fl_switch_tsn_23xx      up to 3.53 (excluding 3.53)
phoenix_contact fl_switch_59xx          up to 3.53 (excluding 3.53)
CWE
CWE-352: The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
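The CWE-352 text above describes the missing check at the root of this advisory: a configuration endpoint that accepts any POST carrying a valid session cookie, whether or not the user meant to send it. The following is an added example, not code from the advisory or from Phoenix Contact, showing the two server-side checks a web interface needs before applying a configuration POST: a per-session anti-CSRF token compared in constant time, and an Origin/Referer header that must match the device's own address. The endpoint, the session lookup via a "Cookie-Session" header, and the device address 192.0.2.10 are constructed placeholders for illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Hypothetical per-session token store (session_id -> anti-CSRF token).
# A real device would keep this alongside its session table.
_SESSION_TOKENS: dict[str, str] = {}


def issue_csrf_token(session_id: str) -> str:
    """Create and remember a fresh, unguessable token for this session.

    The token is embedded in the configuration form served to the browser;
    a page on another site cannot read it, so it cannot forge the POST.
    """
    token = secrets.token_urlsafe(32)
    _SESSION_TOKENS[session_id] = token
    return token


def _origin_matches(headers: dict, allowed_hosts: tuple) -> bool:
    """Accept only requests whose Origin (or, failing that, Referer) names the device itself.

    Browsers attach Origin to cross-site POSTs, so a request from a lure page
    will carry the attacker's host; a request with neither header is refused.
    """
    origin = headers.get("Origin") or headers.get("Referer")
    if not origin:
        return False
    return urlsplit(origin).hostname in allowed_hosts


def authorize_config_post(headers: dict, form: dict,
                          allowed_hosts: tuple = ("192.0.2.10",)) -> bool:
    """Return True only if the POST is tied to a live session, originates from the
    device's own UI and carries that session's anti-CSRF token."""
    session_id = headers.get("Cookie-Session")  # constructed: session id from the cookie
    expected = _SESSION_TOKENS.get(session_id)
    if expected is None:
        return False
    if not _origin_matches(headers, allowed_hosts):
        return False
    supplied = form.get("csrf_token", "")
    # Constant-time comparison avoids leaking the token through timing.
    return hmac.compare_digest(supplied, expected)


def demo() -> tuple:
    """Constructed requests: one from the device's own form, one forged from another site."""
    token = issue_csrf_token("session-demo")
    legitimate = authorize_config_post(
        {"Cookie-Session": "session-demo", "Origin": "http://192.0.2.10"},
        {"csrf_token": token, "lag_members": "1,2"},
    )
    # The browser still sends the session cookie, but the lure page cannot
    # supply the token and its Origin is not the device.
    forged = authorize_config_post(
        {"Cookie-Session": "session-demo", "Origin": "http://lure.example"},
        {"lag_members": "1,2"},
    )
    return legitimate, forged


if __name__ == "__main__":
    print(demo())  # (True, False)
```

Either check alone would already block the forged request in the demo; keeping both matters because the Origin check fails open for clients that strip the header, while the token check depends on the form never being readable cross-site. A firmware update to 3.53 is still the fix for the affected switches; this example only illustrates what the patched endpoint has to verify.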
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?

To mitigate the CVE-2026-22323 vulnerability, users should update the firmware of affected Phoenix Contact FL SWITCH devices to version 3.53 or later.

This update resolves the Cross-Site Request Forgery (CSRF) vulnerability in the Link Aggregation configuration interface that allows unauthorized configuration changes.


Can you explain this vulnerability to me?

CVE-2026-22323 is a Cross-Site Request Forgery (CSRF) vulnerability in the Link Aggregation configuration interface of Phoenix Contact FL SWITCH devices. It allows an unauthenticated remote attacker to trick authenticated users into unknowingly sending unauthorized POST requests by luring them to a malicious webpage. This results in the attacker silently altering the device’s configuration without the victim’s knowledge or consent.


How can this vulnerability impact me?

This vulnerability can impact you by allowing an attacker to change the configuration of your Phoenix Contact FL SWITCH device without your knowledge or consent. Although the device will automatically recover after a successful attack, the unauthorized configuration changes could disrupt network operations or security settings temporarily. The integrity of the device’s configuration is compromised, but confidentiality is not affected, and availability impact is low.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know

