Authorization Bypass in Hydrosystem Control System by Hydrosystem
CVE-2026-34184

8.8HIGH

Key Information:

Vendor: Hydrosystem
Status: Control System
Vendor: CVE Published:; 9 April 2026

🔔 Create Hydrosystem Vulnerability Alert

What is CVE-2026-34184?

The Hydrosystem Control System lacks proper authorization enforcement for specific directories, allowing unauthorized users to access and read sensitive files. This flaw could enable an attacker to execute PHP scripts on the connected database, posing a significant risk to the integrity and security of the systems. The vulnerability has been addressed in version 9.8.5 of the Hydrosystem Control System, highlighting the importance of keeping software up to date to safeguard against such exploits.

Affected Version(s)

Control System 0 < 9.8.5

References

https://cert.pl/posts/2026/04/CVE-2026-4901/

third-party-advisory

https://www.hydrosystem.poznan.pl/

product

CVSS V4

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 9, 2026
Vulnerability Reserved
Mar 26, 2026

Credit

Jarosław "Jahrek" Kamiński - Securitum

CVE-2026-34184 Data

JSON