NVD CRITICAL: CVE-2026-9139 — Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded crede...

Wednesday, May 20, 2026 at 08:16 PM UTC·Source: NIST NVD

Updated: Wednesday, May 20, 2026 at 09:00 PM UTC

Executive Summary

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-side JavaScript in login.zhtml, exposing static plaintext credentials in the page source. Unauthenticated attackers with network access can recover administrative credentials directly from the client-s

Analysis

Indicators of Compromise (1)

CVE (1)

CVE-2026-9139

NVD MITRE CVE

Source Attribution

Originally published by NIST NVD on May 20, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerability

Cyber Pros Can't Decide If AI Is a Good or a Bad Thing

There is nothing cybersecurity professionals are more excited about, and nothing they fear more, than AI.

1h agoDark Reading

MEDIUMVulnerability

Fake Android Apps Commit Carrier Billing Fraud for Premium Svcs.

The disguised apps use WebView automation, JavaScript injection, and OTP interception to avoid detection and complete fraudulent subscriptions.

1h agoDark Reading

CRITICALVulnerability

NVD CRITICAL: CVE-2026-9141 — Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication ...

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows unauthenticated attackers to access internal application pages without any session management or server-side authentication checks. Attackers with network access can directly request internal resources such as index.zhtml, point.zhtml, and log

CVE-2026-9141

1h agoNIST NVD