Sensitive Information Exposure in Hydrosystem Control System by Hydrosystem
CVE-2026-4901

6.9MEDIUM

Key Information:

Vendor: Hydrosystem
Status: Control System
Vendor: CVE Published:; 9 April 2026

🔔 Create Hydrosystem Vulnerability Alert

What is CVE-2026-4901?

The Hydrosystem Control System has a significant vulnerability where sensitive information, including user credentials, is inadvertently saved in log files. This enables potential attackers to gain unauthorized access to the system by leveraging these credentials. The situation is exacerbated by the existing vulnerabilities, which may allow unauthorized users to access this sensitive data. To address this security concern, the vulnerability was patched in version 9.8.5 of the Hydrosystem Control System, solidifying the need for users to promptly update their installations to safeguard against potential attacks.

Affected Version(s)

Control System 0 < 9.8.5

References

https://cert.pl/posts/2026/04/CVE-2026-4901/

third-party-advisory

https://www.hydrosystem.poznan.pl/

product

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 9, 2026
Vulnerability Reserved
Mar 26, 2026

Credit

Jarosław "Jahrek" Kamiński - Securitum

CVE-2026-4901 Data

JSON