CVE-2026-34184

Missing Authorization in Hydrosystem Control System

CVSS 8.8 HIGHEPSS 0.3%CWE-862

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 8.8EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

09 abr 2026Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Hydrosystem Control System does not enforce authorization for some directories. This allows an unauthorized attacker to read all files in these directories and even execute some of them. Critically the attacker could run PHP scripts directly on the connected database.This issue was fixed in Hydrosystem Control System version 9.8.5

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Produtos afetados

Hydrosystem · Control System

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://cert.pl/posts/2026/04/CVE-2026-4901/https://www.hydrosystem.poznan.pl/