CVE-2026-22323
Published: 18 March 2026
Summary
CVE-2026-22323 is a high-severity CSRF (CWE-352) vulnerability in Certvde (inferred from references). Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 3.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2026-22323 is a Cross-Site Request Forgery (CSRF) vulnerability, mapped to CWE-352, in the Link Aggregation configuration interface of the affected device. Published on 2026-03-18T08:16:30.513, it carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L), indicating high integrity impact with low availability impact and no confidentiality impact.
An unauthenticated remote attacker can exploit this vulnerability by luring an authenticated user to a malicious webpage, which tricks the victim into sending unauthorized POST requests to the device. This enables silent alteration of the device's configuration without the victim's knowledge or consent. The availability impact remains low, as the device automatically recovers without external intervention.
Mitigation details are available in the advisory published by CERT VDE at https://certvde.com/de/advisories/VDE-2025-104.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-12794
Vulnerability details
A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by luring them to a malicious webpage. This can silently alter the device's configuration without the victim's knowledge or consent. Availability impact was set to low because after a successful attack the device will automatically recover without external intervention.
- CWE(s): CWE-352 (Cross-Site Request Forgery)
Related Threats
MITRE ATT&CK Enterprise Techniques
- Exploit Public-Facing Application (T1190)
Why these techniques?
A CSRF flaw in the public-facing device configuration interface is a direct instance of exploiting a public-facing application: the attacker reaches the interface through crafted requests issued by the browsers of lured, already-authenticated users.
Mitigating Controls (NIST 800-53 r5)
- SC-23 (Session Authenticity): directly mitigates CSRF by enforcing session authenticity through mechanisms like anti-CSRF tokens to validate legitimate requests to the configuration interface.
- SI-10 (Information Input Validation): requires validation of inputs such as CSRF tokens in POST requests to the Link Aggregation interface, preventing forged configuration changes.
- Re-authentication for configuration changes (control identifier not given on this page): mandates a fresh credential check before a configuration change is applied, thwarting CSRF exploits that cannot supply valid credentials from a malicious webpage.
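The three controls above can be seen working together in the following added example, which is not code from the affected product, from CERT VDE or from the advisory. It models a configuration POST handler for a Link-Aggregation-style endpoint with a session-bound anti-CSRF token, token and Origin validation on every POST, input validation of the submitted port list, and a re-authentication requirement before a change is applied. The class and function names (`ConfigServer`, `SessionState`, `demo`), the path `LINK_AGGREGATION_PATH`, the origin `DEVICE_ORIGIN` and the sample requests are constructed for the example and are not taken from the advisory.

```python
"""Server-side CSRF defences for a device configuration endpoint.

Added example, not code from the affected product or the advisory. The
endpoint path, origin, session store and sample requests below are
constructed assumptions for illustration only.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Tuple

# Hypothetical endpoint path standing in for the Link Aggregation interface.
LINK_AGGREGATION_PATH = "/config/link-aggregation"
DEVICE_ORIGIN = "https://device.example"   # constructed origin of the device UI


@dataclass
class SessionState:
    user: str
    csrf_token: str                          # per-session synchronizer token
    reauth_ok: bool = False                  # set after a fresh credential check
    config: Dict[str, str] = field(default_factory=dict)


class ConfigServer:
    def __init__(self) -> None:
        self.sessions: Dict[str, SessionState] = {}

    def login(self, user: str) -> str:
        """Create a session and bind a fresh random CSRF token to it."""
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = SessionState(user=user, csrf_token=secrets.token_urlsafe(32))
        return sid

    def csrf_token_for(self, sid: str) -> str:
        """The UI embeds this token in its own form; a foreign page cannot read it."""
        return self.sessions[sid].csrf_token

    def reauthenticate(self, sid: str, password_ok: bool) -> None:
        """Record the result of a fresh password check for this session."""
        self.sessions[sid].reauth_ok = password_ok

    def handle_post(self, path: str, cookies: Dict[str, str],
                    headers: Dict[str, str], form: Dict[str, str]) -> Tuple[int, str]:
        """Return (status, reason). Only a 200 actually changes configuration."""
        sess = self.sessions.get(cookies.get("sid", ""))
        if sess is None:
            return 401, "no session"
        if path != LINK_AGGREGATION_PATH:
            return 404, "unknown path"

        # SC-23: the POST must carry the token bound to this session. The cookie
        # alone is not proof of intent, because the browser attaches it to any
        # request regardless of which page triggered it.
        supplied = form.get("csrf_token", "")
        if not hmac.compare_digest(supplied.encode(), sess.csrf_token.encode()):
            return 403, "missing or invalid CSRF token"

        # Defence in depth: browsers add an Origin header to cross-site POSTs;
        # reject a request whose Origin is present and is not the device UI.
        origin = headers.get("Origin")
        if origin is not None and origin != DEVICE_ORIGIN:
            return 403, "cross-origin request"

        # Re-authentication: a configuration change needs a recent credential
        # check, which a lured browser cannot perform on the victim's behalf.
        if not sess.reauth_ok:
            return 403, "re-authentication required"

        # SI-10: validate the submitted input before applying it.
        ports = form.get("ports", "")
        if not ports or not all(p.isdigit() for p in ports.split(",")):
            return 400, "invalid port list"

        sess.config["link_aggregation_ports"] = ports
        sess.reauth_ok = False   # one change per re-authentication
        return 200, "applied"


def demo() -> dict:
    """Run one forged and one legitimate change; return both outcomes."""
    srv = ConfigServer()
    sid = srv.login("admin")
    cookies = {"sid": sid}       # attached automatically by the browser

    # Constructed forged request: session cookie present, no token, foreign Origin.
    forged = srv.handle_post(LINK_AGGREGATION_PATH, cookies,
                             {"Origin": "https://attacker.example"},
                             {"ports": "1,2"})

    # Constructed legitimate request from the device UI: token plus fresh re-auth.
    srv.reauthenticate(sid, password_ok=True)
    legit = srv.handle_post(LINK_AGGREGATION_PATH, cookies,
                            {"Origin": DEVICE_ORIGIN},
                            {"csrf_token": srv.csrf_token_for(sid), "ports": "1,2"})
    return {"forged": forged, "legit": legit, "config": srv.sessions[sid].config}


if __name__ == "__main__":
    print(demo())
```

The token check comes first because it is the control that decides the CSRF question on its own; the Origin check and the re-authentication requirement catch cases where a token leaks or where a token check is missing on some other endpoint. The re-authentication flag is consumed only after a change is applied, so a rejected input does not cost the operator another password prompt.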