CVE-2026-13768

CRITICAL

Gardyn IoT Hub Use of Hard-coded Credentials

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-13768. PoCs published by MichaelAdamGroberman.

AI-analyzed exploit summary This repository provides a detailed technical writeup of CVE-2026-13768, a critical hard-coded credential vulnerability in Gardyn IoT Hub (Azure IoT Hub control plane). The writeup explains how the `iothubowner` shared-access key enables fleet-wide enumeration, per-device RCE via cloud-to-device methods, and lateral movement into home networks. No exploit code is included, but the analysis is thorough and references coordinated disclosure with CERT/CC and CISA.

Description

Gardyn devices expose a privileged iothubowner key. Access to this key will allow a malicious user to invoke an IoTHub Registry Manager function which returns connection information for all Gardyn Home Kit and Studio devices. Access to this key also allows a malicious user to execute arbitrary commands on a specific connected device and may allow the malicious user to pivot to other devices on the user's network.

Exploits (1)

github WRITEUP
by MichaelAdamGroberman · poc
https://github.com/MichaelAdamGroberman/CVE-2026-13768

This repository provides a detailed technical writeup of CVE-2026-13768, a critical hard-coded credential vulnerability in Gardyn IoT Hub (Azure IoT Hub control plane). The writeup explains how the `iothubowner` shared-access key enables fleet-wide enumeration, per-device RCE via cloud-to-device methods, and lateral movement into home networks. No exploit code is included, but the analysis is thorough and references coordinated disclosure with CERT/CC and CISA.

Classification
Writeup 99%
Attack Type
Auth Bypass | Rce | Info Leak | Other
Complexity
Moderate
Reliability
Reliable
Target: Gardyn Home Kit and Gardyn Studio (Home Firmware < master.627, Studio Firmware < master.627, Cloud API < 2.12.2026)
No auth needed
Prerequisites: Access to the `iothubowner` shared-access key (exposed via CVE-2025-1242) · Network access to Azure IoT Hub control plane
mistral-large-3 · analyzed Jul 03, 2026 Full analysis →

Scores

CVSS v3 10.0
EPSS 0.0056
EPSS Percentile 42.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-798
Status published
Products (3)
Gardyn/Gardyn Cloud API < 2.12.2026
Gardyn/Gardyn Home Firmware < master.627
Gardyn/Gardyn Studio Firmware < master.627
Published Jul 03, 2026
Tracked Since Jul 03, 2026