CVE-2026-22322

Name of the Vulnerable Software and Affected Versions versions prior to 2026-22322

Description A stored cross-site scripting (XSS) issue exists in the Link Aggregation configuration interface. An unauthenticated remote attacker can create a trunk entry containing malicious HTML/JavaScript code. When the affected page is viewed, the injected script executes in the context of the victim’s browser, potentially enabling unauthorized interface manipulation. The session cookie is protected by the httpOnly flag, preventing session takeover.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.