CVE-2026-34184CRITICAL 9.1EPSS p18.4%

CVE-2026-34184CVE-2026-34184

Description

Hydrosystem Control System does not enforce authorization for some directories. This allows an unauthorized attacker to read all files in these directories and even execute some of them. Critically the attacker could run PHP scripts directly on the connected database.This issue was fixed in Hydrosystem Control System version 9.8.5

Scoring

CVSS 3.19.1 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS0.27% probability of exploitation · percentile 18.4% · 2026-06-18T12:00:27Z
Published2026-04-09
Last modified2026-04-20

Underlying weaknesses· 1

CWE-862

References

  1. https://cert.pl/posts/2026/04/CVE-2026-4901/
  2. https://www.hydrosystem.poznan.pl/

1

TypeTargetConfidenceTier
WeaknessMissing Authorizationcwe-8620%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-34185
CVE
CVE-2025-41734
CVE
CVE-2025-3365
CVE
CVE-2026-9645
CVE
CVE-2025-41736
CVE
CVE-2025-41368
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.