HarborGuard / CVE
Back to search
HIGHCVE-2026-22323Published Modified CNA CERTVDE

CVE-2026-22323: Cross‑Site Request Forgery in Link Aggregation Configuration

A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by luring them to a malicious webpage. This can silently alter the device’s configuration without the victim’s knowledge or consent. Availability impact was set to low because after a successful attack the device will automatically recover without external intervention.

Metrics

CVSS v3.1
7.1
Severity
HIGH
Fixed in
3.53
Affected Products
77

Fix available

3.53
Affected packages
  • Phoenix Contact / FL SWITCH 2005
    < 3.53 (from 0.0.0)
  • Phoenix Contact / FL SWITCH 2008
    < 3.53 (from 0.0.0)
  • Phoenix Contact / FL SWITCH 2016
    < 3.53 (from 0.0.0)
  • Phoenix Contact / FL SWITCH 2105
    < 3.53 (from 0.0.0)
  • Phoenix Contact / FL SWITCH 2108
    < 3.53 (from 0.0.0)
  • Phoenix Contact / FL SWITCH 2116
    < 3.53 (from 0.0.0)
  • Phoenix Contact / FL SWITCH 2204-2TC-2SFX
    < 3.53 (from 0.0.0)
  • Phoenix Contact / FL SWITCH 2205
    < 3.53 (from 0.0.0)
  • Phoenix Contact / FL SWITCH 2206-2FX
    < 3.53 (from 0.0.0)
  • Phoenix Contact / FL SWITCH 2206-2FX SM
    < 3.53 (from 0.0.0)
  • Phoenix Contact / FL SWITCH 2206-2FX SM ST
    < 3.53 (from 0.0.0)
  • Phoenix Contact / FL SWITCH 2206-2FX ST
    < 3.53 (from 0.0.0)
  • Phoenix Contact / FL SWITCH 2206-2SFX
    < 3.53 (from 0.0.0)
  • Phoenix Contact / FL SWITCH 2206-2SFX PN
    < 3.53 (from 0.0.0)
  • Phoenix Contact / FL SWITCH 2206C-2FX
    < 3.53 (from 0.0.0)
  • Phoenix Contact / FL SWITCH 2207-FX
    < 3.53 (from 0.0.0)
  • Phoenix Contact / FL SWITCH 2207-FX SM
    < 3.53 (from 0.0.0)
  • Phoenix Contact / FL SWITCH 2208
    < 3.53 (from 0.0.0)
  • Phoenix Contact / FL SWITCH 2208 PN
    < 3.53 (from 0.0.0)
  • Phoenix Contact / FL SWITCH 2208C
    < 3.53 (from 0.0.0)
  • Phoenix Contact / FL SWITCH 2212-2TC-2SFX
    < 3.53 (from 0.0.0)
  • Phoenix Contact / FL SWITCH 2214-2FX
    < 3.53 (from 0.0.0)
  • Phoenix Contact / FL SWITCH 2214-2FX SM
    < 3.53 (from 0.0.0)
  • Phoenix Contact / FL SWITCH 2214-2SFX
    < 3.53 (from 0.0.0)
  • Phoenix Contact / FL SWITCH 2214-2SFX PN
    < 3.53 (from 0.0.0)
  • Phoenix Contact / FL SWITCH 2216
    < 3.53 (from 0.0.0)
  • Phoenix Contact / FL SWITCH 2216 PN
    < 3.53 (from 0.0.0)
  • Phoenix Contact / FL SWITCH 2304-2GC-2SFP
    < 3.53 (from 0.0.0)
  • Phoenix Contact / FL SWITCH 2306-2SFP
    < 3.53 (from 0.0.0)
  • Phoenix Contact / FL SWITCH 2306-2SFP PN
    < 3.53 (from 0.0.0)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L
References
CVE-2026-22323: Cross‑Site Request Forgery in Link Aggregation Configuration | HarborGuard CVE