CVE-2026-22322
Published: 18 March 2026
Summary
CVE-2026-22322 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Certvde (inferred from references). Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 10.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 IA-8 (Identification and Authentication (Non-organizational Users)) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2026-22322 is a stored cross-site scripting (XSS) vulnerability, associated with CWE-79, in the Link Aggregation configuration interface. It enables an unauthenticated remote attacker to inject malicious HTML/JavaScript code into a trunk entry. The vulnerability carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L).
An unauthenticated remote attacker can exploit this by creating a trunk entry with malicious code. When an authenticated user views the affected page, the injected script executes in the victim's browser context, potentially allowing unauthorized actions such as interface manipulation. However, the session cookie is protected by the httpOnly flag, preventing session takeover.
For details on mitigation, patches, or workarounds, refer to the advisory at https://certvde.com/de/advisories/VDE-2025-104.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-12791
Vulnerability details
A stored cross-site scripting (XSS) vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript code. When the affected page is viewed, the injected script executes in the context of the victim's browser, enabling unauthorized actions such as interface manipulation. The session cookie is secured by the httpOnly flag; therefore an attacker is not able to take over the session of an authenticated user.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Stored XSS in the public-facing web configuration interface enables exploitation of the application (T1190) and arbitrary JavaScript execution in the victim's browser context (T1059.007) for actions such as interface manipulation.
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): validates inputs to the Link Aggregation configuration interface to prevent unauthenticated attackers from injecting malicious HTML/JavaScript code into trunk entries.
- Output filtering and encoding: filters and encodes outputs when rendering trunk entries so that any injected script is not executed in the context of the victim's browser.
- IA-8 (Identification and Authentication (Non-organizational Users)): enforces identification and authentication for non-organizational users accessing the configuration interface, blocking unauthenticated remote attackers from creating malicious trunk entries.
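As an added illustration of the input-validation and output-encoding controls above (example code written for this page, not code from the affected product or the advisory; the trunk entry fields, the trunk-name allow-list and the Set-Cookie header are constructed assumptions):

```javascript
// Added example: how a stored trunk-entry name reaches the page, and the two
// controls that stop it. Field names (id, name, ports) are assumptions, not
// the affected product's real data model.

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode a value for an HTML text/attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Unsafe rendering: the stored name is interpolated into markup as-is, so
// whatever the trunk entry contains is parsed as HTML by the viewer's browser.
function renderTrunkRowUnsafe(trunk) {
  return `<tr><td>${trunk.id}</td><td>${trunk.name}</td><td>${trunk.ports.join(", ")}</td></tr>`;
}

// Safe rendering (output encoding): every stored field is escaped before it
// is placed into the page, so injected markup is shown as text, not executed.
function renderTrunkRowSafe(trunk) {
  const cells = [trunk.id, trunk.name, trunk.ports.join(", ")].map(escapeHtml);
  return `<tr>${cells.map((c) => `<td>${c}</td>`).join("")}</tr>`;
}

// Input validation on the write path (SI-10): a trunk name is a short
// identifier, so anything outside this assumed allow-list is rejected before storage.
const TRUNK_NAME_RE = /^[A-Za-z0-9_-]{1,32}$/;
function isValidTrunkName(name) {
  return typeof name === "string" && TRUNK_NAME_RE.test(name);
}

// The advisory notes the session cookie is HttpOnly, which keeps script in the
// page from reading it via document.cookie. Check a Set-Cookie header for the flag.
function hasHttpOnlyFlag(setCookieHeader) {
  return setCookieHeader
    .split(";")
    .slice(1)
    .some((attr) => attr.trim().toLowerCase() === "httponly");
}

// Constructed sample data (not from the advisory).
const SAMPLE_TRUNK = { id: 1, name: "<script>alert(1)</script>", ports: ["eth1", "eth2"] };
const SAMPLE_SET_COOKIE = "session=0123abcd; Path=/; HttpOnly; Secure";

console.log("unsafe  :", renderTrunkRowUnsafe(SAMPLE_TRUNK));
console.log("safe    :", renderTrunkRowSafe(SAMPLE_TRUNK));
console.log("valid?  :", isValidTrunkName(SAMPLE_TRUNK.name));
console.log("HttpOnly:", hasHttpOnlyFlag(SAMPLE_SET_COOKIE));
```

The unsafe row is what a stored XSS relies on; the safe row plus the write-path check are the two layers the controls above describe, and the cookie check explains why the advisory rates session takeover as out of reach.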