Is Fl Switch 2416 affected by CVE-2026-22322?

An unauthenticated attacker can inject malicious code into the Link Aggregation configuration interface that executes when administrators view the affected page, potentially allowing unauthorized manipulation of network settings.

CVE-2026-22322

EUVD-2026-12791 HIGH

2026-03-18 CERTVDE

7.1

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

EUVD ID Assigned

Mar 18, 2026 - 08:00 euvd

EUVD-2026-12791

Analysis Generated

Mar 18, 2026 - 08:00 vuln.today

CVE Published

Mar 18, 2026 - 07:34 nvd

HIGH 7.1

Tags

XSS Fl Switch 2416 Fl Switch 2506 2sfp Pn Fl Switch 2216 Pn Fl Switch 2408 Fl Switch 2406 2sfx Pn Fl Switch 2008 Fl Switch 2308 Fl Switch 2214 2sfx Fl Switch 2414 2sfx Fl Switch 2105 Fl Switch 2516 Pn Fl Switch 2206 2fx Sm Fl Switch Tsn 2316 Fl Switch 2314 2sfp Fl Switch 2207 Fx Sm Fl Switch 5924 4gc Fl Switch 2108 Fl Switch 2316 Fl Switch 2308 Pn Fl Switch 2016 Fl Switch Tsn 2312 2gc 2sfp Fl Switch 2508 Pn Fl Switch 2214 2fx Sm Fl Switch 2206 2fx Fl Switch 2206 2sfx Pn Fl Switch 2005 Fl Switch 2708 Fl Switch 2514 2sfp Pn Fl Nat 2304 2gc 2sfp Fl Switch 2205 Fl Switch 2206 2fx St Fl Switch 2204 2tc 2sfx Fl Switch 2304 2gc 2sfp Fl Switch 2404 2tc 2sfx Fl Switch 2506 2sfp Fl Switch 5924sfp 4gc Fl Switch 2516 Fl Switch 2408 Pn Fl Switch 2414 2sfx Pn Fl Switch 2406 2sfx Fl Nat 2208 Fl Switch 2316 Pn Fl Switch 2508 Fl Switch 2314 2sfp Pn Fl Switch 2416 Pn Fl Switch 2608 Fl Switch 2212 2tc 2sfx Fl Switch 2512 2gc 2sfp Fl Switch 2206c 2fx Fl Switch 2608 Pn Fl Switch 2208 Fl Switch 2214 2sfx Pn Fl Switch 2216 Fl Switch 2214 2fx Fl Switch 2206 2fx Sm St Fl Switch 2206 2sfx Fl Switch 2708 Pn Fl Switch 2303 8sp1 Fl Nat 2008 Fl Switch 2116 Fl Switch 2412 2tc 2sfx Fl Switch 2208c Fl Switch 2208 Pn Fl Switch 2504 2gc 2sfp Fl Switch 2514 2sfp Fl Switch 2306 2sfp Fl Switch 2207 Fx Fl Switch Tsn 2314 2sfp Fl Switch 2306 2sfp Pn Fl Switch 2008f Fl Switch 2312 2gc 2sfp

Description

A stored cross‑site scripting (XSS) vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript code. When the affected page is viewed, the injected script executes in the context of the victim’s browser, enabling unauthorized actions such as interface manipulation. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user.

Analysis

A cross-site scripting vulnerability (CVSS 7.1) that allows an unauthenticated remote attacker. High severity vulnerability requiring prompt remediation.

Remediation

Within 24 hours: Restrict administrative access to the Link Aggregation configuration interface to trusted networks only and document current trunk configurations. Within 7 days: Implement WAF rules to sanitize HTML/JavaScript inputs to the Link Aggregation feature and conduct audit logs for suspicious trunk entries. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +36

POC: 0

CVE-2026-22322 vulnerability details – vuln.today

Back

CVE-2026-22322

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code