{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-8402", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2026-05-12T14:42:08.496Z", "datePublished": "2026-06-30T11:36:49.530Z", "dateUpdated": "2026-06-30T12:11:17.691Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2026-06-30T11:36:49.530Z"}, "title": "SQLi in Exagate's SYSGUARD 6001", "datePublic": "2026-06-30T11:29:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-89", "description": "CWE-89 Improper neutralization of special elements used in an SQL command ('SQL injection')", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-7", "descriptions": [{"lang": "en", "value": "CAPEC-7 Blind SQL Injection"}]}], "affected": [{"vendor": "Eksagate Electronic Engineering and Computer Industry Trade Inc.", "product": "SYSGUARD 6001", "versions": [{"status": "affected", "version": "2.0.2", "lessThan": "6.1.16.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Blind SQL Injection.\n\nThis issue affects SYSGUARD 6001: from 2.0.2 before 6.1.16.0.\u00a0\nNOTE: The vendor was contacted and it was learned that the product is not supported.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Blind SQL Injection.<p>This issue affects SYSGUARD 6001: from 2.0.2 before 6.1.16.0.&nbsp;\n<span>NOTE: The vendor was contacted and it was learned that the product is not supported.</span>\n\n</p>"}]}], "tags": ["unsupported-when-assigned"], "references": [{"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0467", "tags": ["government-resource"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "CRITICAL", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "credits": [{"lang": "en", "value": "Talha YILDIZ", "type": "finder"}], "source": {"defect": ["TR-26-0467"], "advisory": "TR-26-0467", "discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-30T12:10:58.652129Z", "id": "CVE-2026-8402", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-30T12:11:17.691Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-8402", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2026-05-12T14:42:08.496Z", "datePublished": "2026-06-30T11:36:49.530Z", "dateUpdated": "2026-06-30T12:11:17.691Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2026-06-30T11:36:49.530Z"}, "title": "SQLi in Exagate's SYSGUARD 6001", "datePublic": "2026-06-30T11:29:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-89", "description": "CWE-89 Improper neutralization of special elements used in an SQL command ('SQL injection')", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-7", "descriptions": [{"lang": "en", "value": "CAPEC-7 Blind SQL Injection"}]}], "affected": [{"vendor": "Eksagate Electronic Engineering and Computer Industry Trade Inc.", "product": "SYSGUARD 6001", "versions": [{"status": "affected", "version": "2.0.2", "lessThan": "6.1.16.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Blind SQL Injection.\n\nThis issue affects SYSGUARD 6001: from 2.0.2 before 6.1.16.0.\u00a0\nNOTE: The vendor was contacted and it was learned that the product is not supported.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Blind SQL Injection.<p>This issue affects SYSGUARD 6001: from 2.0.2 before 6.1.16.0.&nbsp;\n<span>NOTE: The vendor was contacted and it was learned that the product is not supported.</span>\n\n</p>"}]}], "tags": ["unsupported-when-assigned"], "references": [{"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0467", "tags": ["government-resource"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "CRITICAL", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "credits": [{"lang": "en", "value": "Talha YILDIZ", "type": "finder"}], "source": {"defect": ["TR-26-0467"], "advisory": "TR-26-0467", "discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-8402", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-06-30T12:10:58.652129Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-30T12:11:09.219Z"}}]}}

{}

{}

{"created": "2026-06-30T12:30:13.627361+00:00", "updated": "2026-06-30T12:30:13.627369+00:00", "vendors": []}