CVE-2026-28766

CRITICAL

Gardyn Cloud API Missing Authentication for Critical Function

Title source: cna

Exploitation Summary

EIP tracks 2 public exploits for CVE-2026-28766. PoCs published by MichaelAdamGroberman.

AI-analyzed exploit summary: This repository contains detailed technical writeups for multiple CVEs, including CVE-2025-10681 and CVE-2025-1242, which involve hardcoded credentials in Gardyn's firmware and mobile applications. The writeups provide in-depth analysis of the vulnerabilities, exposure vectors, and remediation steps.

Description

A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication.

Exploits (2)

nomisec writeup (1 star)
by MichaelAdamGroberman · poc
https://github.com/MichaelAdamGroberman/ICSA-26-055-03

This repository contains detailed technical writeups for multiple CVEs, including CVE-2025-10681 and CVE-2025-1242, which involve hardcoded credentials in Gardyn's firmware and mobile applications. The writeups provide in-depth analysis of the vulnerabilities, exposure vectors, and remediation steps.

Classification: Writeup (100%)
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Gardyn Home Kit 1.0, 2.0, 3.0; Gardyn Studio 1.0, 2.0
Authentication: No auth needed
Prerequisites: Access to the device firmware or mobile application · Network access to the exposed API endpoints
Analyzed by devstral-2 on Apr 07, 2026

nomisec writeup (1 star)
by MichaelAdamGroberman · poc
https://github.com/MichaelAdamGroberman/CVE-2026-28766

This repository contains a detailed technical analysis of CVE-2026-28766, an unauthenticated information disclosure vulnerability in the Gardyn Cloud API. The writeup includes vulnerability details, exposed data fields, impact assessment, and remediation recommendations.

Classification: Writeup (100%)
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Gardyn Cloud API < 2.12.2026
Authentication: No auth needed
Prerequisites: Network access to the vulnerable endpoint
Analyzed by devstral-2 on Apr 07, 2026

Scores

CVSS v3: 9.3
EPSS: 0.0009
EPSS Percentile: 25.9%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-306
Status: published
Products (2)
Gardyn/Cloud API < 2.12.2026
mygardyn/cloud_api < 2.12.2026
Published: Apr 03, 2026
Tracked Since: Apr 04, 2026