CVE-2026-34185

HIGH

SQL Injection in Hydrosystem Control System

Title source: cna

Description

Hydrosystem Control System is vulnerable to SQL Injection across most scripts and input parameters. Because no protections are in place, an authenticated attacker can inject arbitrary SQL commands, potentially gaining full control over the database.This issue was fixed in Hydrosystem Control System version 9.8.5

References (2)

Core 2

Core References

Third Party Advisory third-party-advisory

https://cert.pl/posts/2026/04/CVE-2026-4901/

Product product

https://www.hydrosystem.poznan.pl/

Scores

CVSS v3 8.8

EPSS 0.0029

EPSS Percentile 20.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-89

Status published

Products (2)

Hydrosystem/Control System < 9.8.5

hydrosystem.poznan/control_system < 9.8.5

Published Apr 09, 2026

Tracked Since Apr 09, 2026