CVE-2026-9144 is a high-severity stored cross-site scripting issue published on 2026-05-20. The supplied NVD record and linked VulnCheck disclosures describe a flaw in the embedded web configuration interface of the Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8, where an authenticated attacker can persist JavaScript by distributing a payload across multiple administrative form fields. The reported [truncated]
CRITICALTaiko Network Communications Pte Ltd.CVE published 2026-05-20
CVE-2026-9141 describes a critical authentication bypass in the embedded web configuration interface of Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8. According to the CVE record, unauthenticated network attackers can reach internal application pages without session management or server-side authentication checks, which can lead to full administrative read/write access and disruption of alarm routi [truncated]
CRITICALTaiko Network Communications Pte Ltd.CVE published 2026-05-20
CVE-2026-9139 is a critical authentication weakness in the Taiko AG1000-01A SMS Alert Gateway web configuration interface. According to the disclosed description, login.zhtml implements authentication entirely in client-side JavaScript and exposes static plaintext administrative credentials in the page source. That means an unauthenticated attacker who can reach the management interface may recover valid [truncated]
