CVE-2026-22323 — HIGH (7.1)

Vulnerability Description

A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by luring them to a malicious webpage. This can silently alter the device’s configuration without the victim’s knowledge or consent. Availability impact was set to low because after a successful attack the device will automatically recover without external intervention.

CVSS Score

7.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

LOW

Related Weaknesses (CWE)

CWE-352

References

https://certvde.com/de/advisories/VDE-2025-104

FAQ

What is CVE-2026-22323?

CVE-2026-22323 is a vulnerability with a CVSS score of 7.1 (HIGH). A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by lur...

How severe is CVE-2026-22323?

CVE-2026-22323 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-22323?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.