{"api_version":"1","generated_at":"2026-07-03T20:53:51+00:00","cve":"CVE-2026-8402","urls":{"html":"https://cve.report/CVE-2026-8402","api":"https://cve.report/api/cve/CVE-2026-8402.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-8402","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-8402"},"summary":{"title":"SQLi in Exagate's SYSGUARD 6001","description":"Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Blind SQL Injection.\n\nThis issue affects SYSGUARD 6001: from 2.0.2 before 6.1.16.0. \nNOTE: The vendor was contacted and it was learned that the product is not supported.","state":"PUBLISHED","assigner":"TR-CERT","published_at":"2026-06-30 12:16:26","updated_at":"2026-06-30 14:12:56"},"problem_types":["CWE-89","CWE-89 CWE-89 Improper neutralization of special elements used in an SQL command ('SQL injection')"],"metrics":[{"version":"3.1","source":"iletisim@usom.gov.tr","type":"Secondary","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0467","name":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0467","refsource":"iletisim@usom.gov.tr","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-8402","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-8402","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Eksagate Electronic Engineering and Computer Industry Trade Inc.","product":"SYSGUARD 6001","version":"affected 2.0.2 6.1.16.0 custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Talha YILDIZ","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"8402","cve":"CVE-2026-8402","epss":"0.003210000","percentile":"0.239340000","score_date":"2026-07-02","updated_at":"2026-07-03 00:06:13"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-8402","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-06-30T12:10:58.652129Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-06-30T12:11:17.691Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"SYSGUARD 6001","vendor":"Eksagate Electronic Engineering and Computer Industry Trade Inc.","versions":[{"lessThan":"6.1.16.0","status":"affected","version":"2.0.2","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","value":"Talha YILDIZ"}],"datePublic":"2026-06-30T11:29:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Blind SQL Injection.<p>This issue affects SYSGUARD 6001: from 2.0.2 before 6.1.16.0.&nbsp;\n<span>NOTE: The vendor was contacted and it was learned that the product is not supported.</span>\n\n</p>"}],"value":"Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Blind SQL Injection.\n\nThis issue affects SYSGUARD 6001: from 2.0.2 before 6.1.16.0. \nNOTE: The vendor was contacted and it was learned that the product is not supported."}],"impacts":[{"capecId":"CAPEC-7","descriptions":[{"lang":"en","value":"CAPEC-7 Blind SQL Injection"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-89","description":"CWE-89 Improper neutralization of special elements used in an SQL command ('SQL injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-30T11:36:49.530Z","orgId":"ca940d4e-fea4-4aa2-9a58-591a58b1ce21","shortName":"TR-CERT"},"references":[{"tags":["government-resource"],"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0467"}],"source":{"advisory":"TR-26-0467","defect":["TR-26-0467"],"discovery":"UNKNOWN"},"tags":["unsupported-when-assigned"],"title":"SQLi in Exagate's SYSGUARD 6001","x_generator":{"engine":"Vulnogram 1.0.2"}}},"cveMetadata":{"assignerOrgId":"ca940d4e-fea4-4aa2-9a58-591a58b1ce21","assignerShortName":"TR-CERT","cveId":"CVE-2026-8402","datePublished":"2026-06-30T11:36:49.530Z","dateReserved":"2026-05-12T14:42:08.496Z","dateUpdated":"2026-06-30T12:11:17.691Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-30 12:16:26","lastModifiedDate":"2026-06-30 14:12:56","problem_types":["CWE-89","CWE-89 CWE-89 Improper neutralization of special elements used in an SQL command ('SQL injection')"],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-30T12:10:58.652129Z","id":"CVE-2026-8402","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"8402","Ordinal":"1","Title":"SQLi in Exagate's SYSGUARD 6001","CVE":"CVE-2026-8402","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"8402","Ordinal":"1","NoteData":"Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Blind SQL Injection.\n\nThis issue affects SYSGUARD 6001: from 2.0.2 before 6.1.16.0. \nNOTE: The vendor was contacted and it was learned that the product is not supported.","Type":"Description","Title":"SQLi in Exagate's SYSGUARD 6001"}]}}}