CVE-2026-22320

CWE-121 — Stack-based Buffer Overflow3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.0%

top 86.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phoenix Contact FL NAT 2008 Phoenix Contact FL NAT 2208 Phoenix Contact FL NAT 2304-2gc-2sfp +74 more

Timeline

PublishedMar 18

Description

A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized filename input. Exploitation results in the corruption of the internal buffer, causing the CLI and web dashboard to become unavailable and leading to a denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages77 packages

▶CVEListV5phoenix_contact/fl_nat_20080.0.0 — 3.53

▶CVEListV5phoenix_contact/fl_nat_22080.0.0 — 3.53

▶CVEListV5phoenix_contact/fl_switch_20050.0.0 — 3.53

▶CVEListV5phoenix_contact/fl_switch_20080.0.0 — 3.53

▶CVEListV5phoenix_contact/fl_switch_20160.0.0 — 3.53

🔴Vulnerability Details

CVEList

Stack-Based Buffer Overflow in TFTP File-Transfer Command Handling over CLI↗2026-03-18

▶

GHSA

GHSA-22m2-mv56-5hwq: A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memo↗2026-03-18

▶