{"document":{"category":"csaf_vex","csaf_version":"2.0","title":"CVE-2026-8402: SQLi in Exagate's SYSGUARD 6001","publisher":{"category":"vendor","name":"HarborGuard Database","namespace":"https://database.harborguard.co"},"tracking":{"id":"CVE-2026-8402","status":"final","version":"1","initial_release_date":"2026-06-30T11:36:49.530Z","current_release_date":"2026-06-30T12:11:17.691Z","revision_history":[{"date":"2026-06-30T11:36:49.530Z","number":"1","summary":"Initial machine-readable export from HarborGuard."}]},"distribution":{"tlp":{"label":"WHITE"},"text":"Public CVE data; freely redistributable."},"notes":[{"category":"description","text":"Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Blind SQL Injection.\n\nThis issue affects SYSGUARD 6001: from 2.0.2 before 6.1.16.0. \nNOTE: The vendor was contacted and it was learned that the product is not supported.","title":"CVE description"}],"references":[{"category":"self","summary":"CVE-2026-8402 on HarborGuard Database","url":"https://database.harborguard.co/cve/CVE-2026-8402"},{"category":"external","summary":"CVE Record","url":"https://www.cve.org/CVERecord?id=CVE-2026-8402"},{"category":"external","summary":"siberguvenlik.gov.tr","url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0467"}]},"product_tree":{"branches":[{"category":"vendor","name":"Eksagate Electronic Engineering and Computer Industry Trade Inc.","branches":[{"category":"product_name","name":"SYSGUARD 6001","branches":[{"category":"product_version_range","name":">=2.0.2 <6.1.16.0","product":{"name":"Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 >=2.0.2 <6.1.16.0","product_id":"CSAFPID-1","product_identification_helper":{"cpe":"cpe:2.3:a:eksagate_electronic_engineering_and_computer_industry_trade_inc.:sysguard_6001:*:*:*:*:*:*:*:*"}}}]}]}]},"vulnerabilities":[{"cve":"CVE-2026-8402","title":"SQLi in Exagate's SYSGUARD 6001","notes":[{"category":"description","text":"Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Blind SQL Injection.\n\nThis issue affects SYSGUARD 6001: from 2.0.2 before 6.1.16.0. \nNOTE: The vendor was contacted and it was learned that the product is not supported.","title":"CVE description"}],"product_status":{"known_affected":["CSAFPID-1"]},"scores":[{"cvss_v3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL"},"products":["CSAFPID-1"]}],"remediations":[{"category":"vendor_fix","details":"Update to a fixed version: 6.1.16.0.","product_ids":["CSAFPID-1"]}]}]}