CVE-2026-8402: SQLi in Exagate's SYSGUARD 6001
Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Blind SQL Injection. This issue affects SYSGUARD 6001: from 2.0.2 before 6.1.16.0. NOTE: The vendor was contacted and it was learned that the product is not supported.
Metrics
- CVSS v3.1: 9.8
- Severity: CRITICAL
- Fixed in: 6.1.16.0
- Affected Products: 1
HarborGuard Analysis
Synopsis
A blind SQL injection vulnerability affects Eksagate SYSGUARD 6001 versions from 2.0.2 up to but not including 6.1.16.0. The flaw is reachable over the network with no authentication required, meaning any attacker who can reach the service can send crafted input to manipulate the underlying database queries without triggering visible error responses. Successful exploitation gives an attacker the ability to read, modify, and destroy data in the database, and to disrupt availability of the service. A patched-image rebuild at version 6.1.16.0 is available on HarborGuard for affected environments, though customers should note the vendor has indicated the product is no longer actively supported.
HarborGuard Coverage
Detection of CVE-2026-8402 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of ingestion from upstream advisory feeds including TR-CERT, covering both third-party and custom-built images that include affected SYSGUARD 6001 versions. Any image in a connected registry or CI/CD pipeline running a version from 2.0.2 before 6.1.16.0 is flagged automatically.
HarborGuard scores this CVE at 9.8 CRITICAL using the CVSS v3.1 vector, and triage surfaces it with that severity weighting applied against each customer's compliance policy so that teams with stricter posture requirements see it prioritized accordingly. Findings are routed to the appropriate team inbox within each customer organization based on image ownership and policy configuration.
A patched-image rebuild at version 6.1.16.0 becomes available on HarborGuard for any environment running an affected version of SYSGUARD 6001. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test pass, and opens a pull request against affected workloads automatically.
Exploit Conditions
- Network reachability: Required
The attacker must be able to reach the SYSGUARD 6001 service over the network, as the vulnerability is exposed via a network-accessible interface (AV:N).
- Authentication: Not required
No account or credentials of any kind are needed to send malicious SQL payloads to the vulnerable endpoint (PR:N).
- Victim interaction: Not required
The attacker does not need any action from a user or operator to trigger the injection; the exploit is fully self-contained (UI:N).
- Attack complexity: Detail
Exploitation is reliable and condition-free, requiring no race conditions, special memory layout, or environmental prerequisites (AC:L).
Blast Radius
- An attacker reads arbitrary data from the underlying database, including stored credentials, session tokens, and any records the application manages.
- An attacker modifies or deletes persisted database rows, corrupting application state or destroying stored records.
- An attacker disrupts availability of the SYSGUARD 6001 service by issuing destructive or resource-exhausting SQL operations against the database.
- Because the vendor has stated the product is no longer supported, future vulnerability disclosures in the same product line will not receive official remediation beyond the 6.1.16.0 release.
How HarborGuard Handles This
Available on HarborGuard: detection fires within minutes of CVE publication for any image containing SYSGUARD 6001 versions from 2.0.2 before 6.1.16.0, and a rebuilt image at 6.1.16.0 is made available immediately. For customers who opt into auto-remediation, the median time from CVE publication to a merged patch PR for critical-severity issues is around 90 minutes, covering the rebuild, regression run, and PR opened against affected workloads. Customers should be aware that the vendor has disclosed the product is no longer actively supported, which means 6.1.16.0 is likely the final release; HarborGuard will continue monitoring the advisory for any further upstream activity. Where compliance policy or operational constraints prevent immediate upgrading, compensating controls such as network-policy isolation to restrict inbound access to the SYSGUARD 6001 service, egress filtering to limit data exfiltration paths, and web application firewall rules targeting SQL injection patterns at the ingress layer are worth evaluating as interim measures.
Fix available
- Eksagate Electronic Engineering and Computer Industry Trade Inc. / SYSGUARD 6001 < 6.1.16.0 (from 2.0.2)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H