Stored Cross-Site Scripting Vulnerability in Taiko AG1000-01A SMS Alert Gateway
CVE-2026-9144

8.4HIGH

Key Information:

Vendor: Taiko Network Communications Pte Ltd.
Status: Ag1000-01a Sms Alert Gateway
Vendor: CVE Published:; 20 May 2026

🔔 Create Taiko Network Communications Pte Ltd. Vulnerability Alert

What is CVE-2026-9144?

The Taiko AG1000-01A SMS Alert Gateway versions 7.3 and 8 introduce a stored cross-site scripting vulnerability via their embedded web configuration interface. This flaw allows authenticated attackers to execute persistent JavaScript by cleverly fragmenting malicious payloads across multiple administrative form fields. By utilizing JavaScript comments and template literals, attackers can bypass front-end length constraints, facilitating the concatenation of executable script fragments. These fragments are ultimately rendered within the administrative dashboard views, enabling persistent script execution during administrative sessions.

Affected Version(s)

AG1000-01A SMS Alert Gateway Rev 7.3

AG1000-01A SMS Alert Gateway Rev 8

AG1000-01A SMS Alert Gateway UM-AG1000_R7.2

References

https://medium.com/@forgetmen0t/multiple-vulnerabilities-...

technical-description

https://www.vulncheck.com/advisories/taiko-ag1000-01a-rev...

third-party-advisory

CVSS V4

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 20, 2026
Vulnerability Reserved
May 20, 2026

Credit

Muhammad Imam Baguna

VulnCheck

CVE-2026-9144 Data

JSON