CVE-2026-9144

Name of the Vulnerable Software and Affected Versions Taiko AG1000-01A SMS Alert Gateway version 7.3 Taiko AG1000-01A SMS Alert Gateway version 8

Description The embedded web configuration interface contains a stored cross-site scripting (XSS) issue, which is a flaw that allows an attacker to inject malicious scripts into a web page viewed by other users. Authenticated attackers can execute persistent JavaScript by fragmenting malicious payloads across multiple administrative form fields. By using JavaScript comments and template literals, attackers can bypass front-end length restrictions to concatenate executable script fragments. These fragments are then rendered in administrative dashboard views, such as the 'index.zhtml' endpoint, leading to persistent script execution within administrative sessions.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.