Remote Manipulation of Gas Line Odorization in Linc Energy Systems Product
CVE-2026-4436

8.6HIGH

Key Information:

Vendor: Gpl Odorizers
Status: Gpl750 (xl4); Gpl750 (xl4 Prime); Gpl Odorizers Gpl750 (xl7); Gpl Odorizers Gpl750 (xl7 Prime)
Vendor: CVE Published:; 9 April 2026

🔔 Create Gpl Odorizers Vulnerability Alert

What is CVE-2026-4436?

A vulnerability exists in the Gas Line Odorization System by Linc Energy Systems that allows low-privileged remote attackers to send specially crafted Modbus packets. This enables them to manipulate the register values controlling the odorant injection logic, potentially resulting in excessive or insufficient odorant being injected into gas lines. Such an alteration could compromise safety protocols designed to detect gas leaks, thereby heightening the risk of dangerous situations.

Affected Version(s)

GPL Odorizers GPL750 (XL7 Prime) v18.4

GPL Odorizers GPL750 (XL7) v13.0

GPL750 (XL4 Prime) v4.0

References

https://lincenergysystems-my.sharepoint.com/:f:/p/h_baer/...

https://www.cisa.gov/news-events/ics-advisories/icsa-26-0...

https://github.com/cisagov/CSAF/blob/develop/csaf_files/O...

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 9, 2026
Vulnerability Reserved
Mar 19, 2026

Credit

An anonymous researcher reported this vulnerability to CISA.

CVE-2026-4436 Data

JSON