CVE-2026-8403
MediumCVSS 6.1Summary
A stored cross-site scripting (XSS) vulnerability was found in Eksagate SYSGUARD 6001 due to improper input neutralization during web page generation. It affects versions from 2.0.2 up to (but not including) 6.1.4.0. The vendor was contacted and confirmed the product is no longer supported.
Risk Assessment
An attacker can inject a malicious script that executes in users' browsers, potentially leading to session theft, account takeover, or data leakage. The lack of vendor support means no patch will be released.
Recommendation
Immediately decommission SYSGUARD 6001 and replace it with a supported alternative. If that is not possible, restrict access to the web interface to trusted networks and users only.
Original NVD description (English source)
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Stored XSS. This issue affects SYSGUARD 6001: from 2.0.2 before 6.1.4.0. NOTE: The vendor was contacted and it was learned that the product is not supported.

