Cyber Resilience

CVE-2026-22323

Severity: High
Published: 18 March 2026
Modified: 27 April 2026
CVSS Score v3.1: 7.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L)
EPSS Score: 0.0002 (3.7th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-22323 is a high-severity CSRF (CWE-352) vulnerability in Certvde (inferred from references). Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 3.7th percentile by exploit likelihood (EPSS), below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-22323 is a Cross-Site Request Forgery (CSRF) vulnerability, mapped to CWE-352, in the Link Aggregation configuration interface of the affected device. Published on 2026-03-18T08:16:30.513, it carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L), indicating high integrity impact with low availability impact and no confidentiality impact.

An unauthenticated remote attacker can exploit this vulnerability by luring an authenticated user to a malicious webpage, which tricks the victim into sending unauthorized POST requests to the device. This enables silent alteration of the device's configuration without the victim's knowledge or consent. The availability impact remains low, as the device automatically recovers without external intervention.

Mitigation details are available in the advisory published by CERT VDE at https://certvde.com/de/advisories/VDE-2025-104.


Vulnerability details

A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by luring them to a malicious webpage. This can silently alter the device’s configuration without the victim’s knowledge or consent. Availability impact was set to low because after a successful attack the device will automatically recover without external intervention.


Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

A CSRF flaw in a public-facing device configuration interface maps directly to this technique: the exposed application is exploited through crafted requests issued by users who were lured to a malicious page.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-37102 (shared CWE-352)
CVE-2024-37450 (shared CWE-352)
CVE-2025-23558 (shared CWE-352)
CVE-2025-68722 (shared CWE-352)
CVE-2025-31440 (shared CWE-352)
CVE-2025-23848 (shared CWE-352)
CVE-2025-22571 (shared CWE-352)
CVE-2024-53684 (shared CWE-352)
CVE-2025-23455 (shared CWE-352)
CVE-2025-22582 (shared CWE-352)

Affected Assets

Certvde (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5, AI)

prevent: Directly mitigates CSRF by enforcing session authenticity through mechanisms like anti-CSRF tokens to validate legitimate requests to the configuration interface.

prevent: Requires validation of inputs such as CSRF tokens in POST requests to the Link Aggregation interface, preventing forged configuration changes.

prevent: Mandates re-authentication for configuration changes, thwarting CSRF exploits that cannot supply valid credentials from a malicious webpage.
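The three controls above, as an added example that is not from the advisory, the device vendor or this page: the weak pattern that applies any POST carrying the session cookie is placed beside a check that enforces request origin, a per-session synchronizer token and a recent re-authentication before a configuration change is accepted. The device hostname, the re-authentication window, the form field names and the request/session structures are all assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlparse

DEVICE_HOST = "switch.example.internal"  # assumed hostname of the device web UI
REAUTH_WINDOW_S = 300                    # assumed policy: re-auth valid for 5 minutes

@dataclass
class Session:
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))
    last_reauth: float = 0.0  # epoch seconds of the last password re-entry

@dataclass
class Request:
    method: str
    headers: dict
    form: dict

def vulnerable_accepts(req: Request, session: Session) -> bool:
    """Weak pattern: any POST arriving with a valid session cookie is applied.
    A form auto-submitted from a malicious page satisfies this, which is CSRF."""
    return req.method == "POST" and session is not None

def hardened_check(req: Request, session: Session, now: float) -> tuple[bool, str]:
    """Reject configuration changes a lured browser could have forged.
    Returns (accepted, reason) so the rejection cause can be logged."""
    if req.method != "POST":
        return False, "method"
    # 1. Source-origin check (SC-23): Origin header, Referer as fallback.
    origin = req.headers.get("Origin") or req.headers.get("Referer")
    if not origin or urlparse(origin).hostname != DEVICE_HOST:
        return False, "origin"
    # 2. Synchronizer token (SI-10): present and equal to the session's token,
    #    compared in constant time so a mismatch leaks no timing information.
    token = req.form.get("csrf_token", "")
    if not hmac.compare_digest(token, session.csrf_token):
        return False, "token"
    # 3. Re-authentication: a cross-site page cannot supply the user's password.
    if now - session.last_reauth > REAUTH_WINDOW_S:
        return False, "reauth"
    return True, "ok"
```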
