All incidents

CISA adds KNX protocol flaw CVE-2023-4346 to Known Exploited Vulnerabilities catalogue

vulnerabilityopenJul 15, 2026 — Jul 15, 2026

ON 15 July 2026 the Cybersecurity and Infrastructure Security Agency added CVE‑2023‑4346 to its Known Exploited Vulnerabilities catalogue, signalling that the flaw in the KNX protocol is being actively exploited.

The vulnerability carries a CVSS v3.1 base score of 7.5, rated HIGH, and stems from an overly restrictive account lockout mechanism in the KNX Association’s Connection Authorization Option 1.

Successful exploitation lets an attacker purge all devices without additional security options enabled, set a BCU key to lock the device and erase configuration data, effectively causing a denial of service.

No patch is currently available from the vendor, and the flaw is classified as an authentication bypass/authorization issue in the connection authorisation process.

Although CISA has not linked the flaw to any specific threat actor, its inclusion in the KEV catalogue indicates that the vulnerability has been observed in the wild and poses a clear risk to operational technology environments.

Defenders should review their KNX deployments, verify whether Connection Authorization Option 1 is enabled and consider disabling it if not required, while applying any vendor‑specified mitigations and monitoring for anomalous authentication attempts.

Organisations are also urged to consult the CISA guidance linked in the KEV entry and to keep abreast of future updates as the situation develops.

Intelligence briefing updated Jul 15, 2026

CVE-2023-4346 7.5 KEV
Root sourcewww.cve.org
Timeline Coverage

Swipe to explore timeline