CVE-2026-4901

MEDIUM

Insertion of Sesitive Information into Log File in Hydrosystem Control System

Title source: cna

Description

Hydrosystem Control System saves sensitive information into a log file. Critically, user credentials are logged allowing the attacker to obtain further authorized access into the system. Combined with vulnerability CVE-2026-34184, these sensitive information could be accessed by an unauthorized user.This issue was fixed in Hydrosystem Control System version 9.8.5

References (2)

[Third Party Advisory] https://cert.pl/posts/2026/04/CVE-2026-4901/

[Product] https://www.hydrosystem.poznan.pl/

Scores

CVSS v3 6.5

EPSS 0.0003

EPSS Percentile 9.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-532

Status published

Products (2)

Hydrosystem/Control System < 9.8.5

hydrosystem.poznan/control_system < 9.8.5

Published Apr 09, 2026

Tracked Since Apr 09, 2026