CVE-2026-28766

CRITICAL

Gardyn Cloud API Missing Authentication for Critical Function

Title source: cna

Description

A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication.

Exploits (2)

nomisec WRITEUP 1 star
by MichaelAdamGroberman · poc
https://github.com/MichaelAdamGroberman/ICSA-26-055-03
nomisec WRITEUP 1 star
by MichaelAdamGroberman · poc
https://github.com/MichaelAdamGroberman/CVE-2026-28766

Scores

CVSS v3 9.3
EPSS 0.0008
EPSS Percentile 23.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

Details

CWE CWE-306
Status published
Products (2)
Gardyn/Cloud API < 2.12.2026
mygardyn/cloud_api < 2.12.2026
Published Apr 03, 2026
Tracked Since Apr 04, 2026