Information disclosure in Hydrosystem Control System

CVE-2026-4901

Hydrosystem Control System saves sensitive information into a log file. Critically, user credentials are logged allowing the attacker to obtain further authorized access into the system. Combined with vulnerability CVE-2026-34184, these se…

EPSS: 0.000 (11.7th percentile) — read the EPSS interpretation.

Affected products

Hydrosystem Control System — versions 0

Weakness classification (CWE)

CWE-532 — Insertion of Sensitive Information into Log File

References

cert.pl/posts/2026/04/CVE-2026-4901/ (third-party-advisory)
www.hydrosystem.poznan.pl/ (product)