CVE-2026-8402
CriticalCVSS 9.8Summary
A Blind SQL Injection vulnerability was found in Eksagate SYSGUARD 6001 due to improper neutralization of special elements in SQL commands. The issue affects versions from 2.0.2 before 6.1.16.0, and the vendor no longer supports the product.
Risk Assessment
An attacker can exploit this vulnerability to gain unauthorized access to the database, leading to data theft or manipulation, posing a significant risk to data confidentiality and integrity.
Recommendation
It is recommended to immediately disconnect the SYSGUARD 6001 from the network and replace it with a supported solution, as the vendor does not provide patches for this vulnerability.
Original NVD description (English source)
Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Blind SQL Injection. This issue affects SYSGUARD 6001: from 2.0.2 before 6.1.16.0. NOTE: The vendor was contacted and it was learned that the product is not supported.

