What is CVE-2026-22322?

CVE-2026-22322 is a high-severity vulnerability in Phoenix Contact Fl Nat 2008, classified under Cross-site Scripting. CVSS score: 7.1/10. Published 2026-03-18.

How severe is CVE-2026-22322?

High severity. CVSS v3 base score is 7.1 out of 10.

XSS in Phoenix Contact Fl Nat 2008

CVE-2026-22322

A stored cross‑site scripting (XSS) vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript code. When the affected page is viewed…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (10.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L.

Affected products

Phoenix Contact Fl Nat 2008 — versions 0.0.0
Phoenix Contact Fl Nat 2208 — versions 0.0.0
Phoenix Contact Fl Nat 2304-2gc-2sfp — versions 0.0.0
Phoenix Contact Fl Switch 2005 — versions 0.0.0
Phoenix Contact Fl Switch 2008 — versions 0.0.0
Phoenix Contact Fl Switch 2008f — versions 0.0.0
Phoenix Contact Fl Switch 2016 — versions 0.0.0
Phoenix Contact Fl Switch 2105 — versions 0.0.0
Phoenix Contact Fl Switch 2108 — versions 0.0.0
Phoenix Contact Fl Switch 2116 — versions 0.0.0

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

certvde.com/de/advisories/VDE-2025-104

Frequently asked questions

What is CVE-2026-22322?: CVE-2026-22322 is a high-severity vulnerability in Phoenix Contact Fl Nat 2008, classified under Cross-site Scripting. CVSS score: 7.1/10. Published 2026-03-18.
How severe is CVE-2026-22322?: High severity. CVSS v3 base score is 7.1 out of 10.