Critical

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability (CVE-2026-9141) in the embedded web configuration interface, allowing unauthenticated attackers to access internal application pages, modify alarm routing, and disrupt monitoring and control functions.

The Goobi viewer REST endpoint accepted an arbitrary Solr streaming expression from unauthenticated network clients, enabling attackers to read, modify, or delete the complete Solr index; this was resolved by removing the affected API endpoint.