Buffer Overflow Vulnerability in WebUI of Vendor Product
CVE-2026-22316

6.5MEDIUM

Key Information:

Vendor: Phoenix Contact
Status: Fl Switch 2005; Fl Switch 2008; Fl Switch 2016; Fl Switch 2105
Vendor: CVE Published:; 18 March 2026

🔔 Create Phoenix Contact Vulnerability Alert

What is CVE-2026-22316?

A vulnerability exists in the webUI of the affected product, where a remote attacker holding user privileges can exploit the TFTP Filename setting through a crafted POST request. This leads to a stack-based buffer overflow, potentially allowing a denial-of-service (DoS) attack, disrupting normal operations and affecting system availability.

Affected Version(s)

FL NAT 2008 0.0.0 < 3.53

FL NAT 2208 0.0.0 < 3.53

FL NAT 2304-2GC-2SFP 0.0.0 < 3.53

References

https://certvde.com/de/advisories/VDE-2025-104

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 18, 2026
Vulnerability Reserved
Jan 7, 2026

Credit

Gabriele Quagliarella from Nozomi Networks

CVE-2026-22316 Data

JSON