An unauthenticated attacker with network access to a Taiko AG1000-01A SMS Alert Gateway (Rev 7.3 and Rev 8) can reach internal configuration pages directly and gain full administrative read/write control over the device.
What Is It
CVE-2026-9141 is a critical authentication bypass (CWE-306, Missing Authentication for Critical Function) in the embedded web configuration interface of the Taiko AG1000-01A SMS Alert Gateway. The interface lacks session management and server-side authentication checks, so attackers can directly request internal resources such as index.zhtml, point.zhtml, and log.shtml without credentials. The CVE was published on 2026-05-20 and disclosed by VulnCheck.
Why It Matters
The flaw carries a CVSS 3.1 base score of 9.8 (Critical) and a CVSS 4.0 score of 9.3 (Critical), with vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, network-reachable, low complexity, no privileges, no user interaction, and high impact across confidentiality, integrity, and availability. Successful exploitation gives an attacker full administrative read and write access to the gateway, allowing unauthorized modification of alarm routing, device configuration, and disruption of monitoring and control functions. For SMS alerting infrastructure used in operational environments, that means an attacker can silence, redirect, or fabricate alerts.
There is no CISA KEV entry for this CVE at the time of publication, so active in-the-wild exploitation is not confirmed by CISA.
What's Vulnerable
- Product: Taiko AG1000-01A SMS Alert Gateway
- Affected versions: Rev 7.3 and Rev 8
- Vulnerable component: Embedded web configuration interface
- Exposed endpoints cited in the advisory:
index.zhtml,point.zhtml,log.shtml - Root cause: No session management and no server-side authentication checks on internal application pages
No affected CPE entries are listed in the NVD record at this time.
Patch Status
The supplied NVD record does not indicate vendor patch availability or a fixed version, and no CISA KEV required-action deadline is associated with this CVE. Until vendor remediation is confirmed, operators should restrict network access to the gateway's web interface to trusted management networks only, based on the exposure described in the advisory.