What is CVE-2026-22323?

CVE-2026-22323 is a high-severity vulnerability in Phoenix Contact Fl Nat 2008, classified under Cross-Site Request Forgery (CSRF). CVSS score: 7.1/10. Published 2026-03-18.

How severe is CVE-2026-22323?

High severity. CVSS v3 base score is 7.1 out of 10.

CSRF in Phoenix Contact Fl Nat 2008

CVE-2026-22323

A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by luring them to a malicious webpage. This c…

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.000 (3.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L.

Affected products

Phoenix Contact Fl Nat 2008 — versions 0.0.0
Phoenix Contact Fl Nat 2208 — versions 0.0.0
Phoenix Contact Fl Nat 2304-2gc-2sfp — versions 0.0.0
Phoenix Contact Fl Switch 2005 — versions 0.0.0
Phoenix Contact Fl Switch 2008 — versions 0.0.0
Phoenix Contact Fl Switch 2008f — versions 0.0.0
Phoenix Contact Fl Switch 2016 — versions 0.0.0
Phoenix Contact Fl Switch 2105 — versions 0.0.0
Phoenix Contact Fl Switch 2108 — versions 0.0.0
Phoenix Contact Fl Switch 2116 — versions 0.0.0

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

certvde.com/de/advisories/VDE-2025-104

Frequently asked questions

What is CVE-2026-22323?: CVE-2026-22323 is a high-severity vulnerability in Phoenix Contact Fl Nat 2008, classified under Cross-Site Request Forgery (CSRF). CVSS score: 7.1/10. Published 2026-03-18.
How severe is CVE-2026-22323?: High severity. CVSS v3 base score is 7.1 out of 10.