CVE-2026-34185HIGH 8.8EPSS p20.5%

CVE-2026-34185CVE-2026-34185

Description

Hydrosystem Control System is vulnerable to SQL Injection across most scripts and input parameters. Because no protections are in place, an authenticated attacker can inject arbitrary SQL commands, potentially gaining full control over the database.This issue was fixed in Hydrosystem Control System version 9.8.5

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS0.29% probability of exploitation · percentile 20.5% · 2026-06-18T12:00:27Z
Published2026-04-09
Last modified2026-04-20

Underlying weaknesses· 1

CWE-89

References

  1. https://cert.pl/posts/2026/04/CVE-2026-4901/
  2. https://www.hydrosystem.poznan.pl/

1

TypeTargetConfidenceTier
WeaknessImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')cwe-890%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-34184
CVE
CVE-2025-23176
CVE
CVE-2025-52694
CVE
CVE-2025-59389
CVE
CVE-2025-40886
CVE
CVE-2026-34176
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.