CVE-2026-4901 MEDIUM

CVE-2026-4901: Insertion of Sesitive Information into Log File in Hydrosystem Control System

Vendor Hydrosystem
Product Control System
Weakness CWE-532 · Sensitive info in logs
Published April 9, 2026
Last update April 9, 2026

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Hydrosystem Control System saves sensitive information into a log file. Critically, user credentials are logged allowing the attacker to obtain further authorized access into the system. Combined with vulnerability CVE-2026-34184, these sensitive information could be accessed by an unauthorized user.This issue was fixed in Hydrosystem Control System version 9.8.5

Key dates

02Disclosure timeline

April 9, 2026 CVE published
April 9, 2026 Record updated