CVE-2026-4901

EUVD-2026-20888 MEDIUM

2026-04-09 CERT-PL

GHSA-f43w-3fr5-h2m3

6.9

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Apr 09, 2026 - 10:00 vuln.today

EUVD ID Assigned

Apr 09, 2026 - 10:00 euvd

EUVD-2026-20888

CVE Published

Apr 09, 2026 - 09:40 nvd

MEDIUM 6.9

Description

Hydrosystem Control System saves sensitive information into a log file. Critically, user credentials are logged allowing the attacker to obtain further authorized access into the system. Combined with vulnerability CVE-2026-34184, these sensitive information could be accessed by an unauthorized user.This issue was fixed in Hydrosystem Control System version 9.8.5

Analysis

Hydrosystem Control System versions prior to 9.8.5 log user credentials in plaintext to accessible log files, enabling authenticated attackers with administrative privileges to extract valid credentials for lateral movement and privilege escalation. This vulnerability is particularly critical when chained with CVE-2026-34184, which may enable unauthorized access to those logged credentials. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +34

POC: 0

CVE-2026-4901 vulnerability details – vuln.today

Back

CVE-2026-4901

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-4901

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code