ON 15 July 2026 the Cybersecurity and Infrastructure Security Agency added CVE‑2023‑4346 to its Known Exploited Vulnerabilities catalogue, signalling that the flaw in the KNX protocol is being actively exploited.
The vulnerability carries a CVSS v3.1 base score of 7.5, rated HIGH, and stems from an overly restrictive account lockout mechanism in the KNX Association’s Connection Authorization Option 1.
Successful exploitation lets an attacker purge all devices without additional security options enabled, set a BCU key to lock the device and erase configuration data, effectively causing a denial of service.
No patch is currently available from the vendor, and the flaw is classified as an authentication bypass/authorization issue in the connection authorisation process.
Although CISA has not linked the flaw to any specific threat actor, its inclusion in the KEV catalogue indicates that the vulnerability has been observed in the wild and poses a clear risk to operational technology environments.
Defenders should review their KNX deployments, verify whether Connection Authorization Option 1 is enabled and consider disabling it if not required, while applying any vendor‑specified mitigations and monitoring for anomalous authentication attempts.
Organisations are also urged to consult the CISA guidance linked in the KEV entry and to keep abreast of future updates as the situation develops.