CVE-2026-4901

EUVD-2026-20888
Hydrosystem Control System saves sensitive information into a log file. Critically, user credentials are logged allowing the attacker to obtain further authorized access into the system. Combined with vulnerability CVE-2026-34184, these sensitive information could be accessed by an unauthorized user.This issue was fixed in Hydrosystem Control System version 9.8.5
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 11%
Affected Products (NVD)
VendorProductVersion
hydrosystem.poznancontrol_system
𝑥
< 9.8.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cert.pl/posts/2026/04/CVE-2026-4901/
https://www.hydrosystem.poznan.pl/