CVE-2026-28767

MEDIUM

Gardyn Cloud API Missing Authentication for Critical Function

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-28767. PoCs published by MichaelAdamGroberman.

AI-analyzed exploit summary: This repository contains a detailed technical writeup for CVE-2026-28767, which describes an unauthenticated access vulnerability in the Gardyn Cloud API's administrative notifications endpoint. The writeup includes vulnerability details, impact analysis, remediation steps, and references to official advisories.

Description

A specific administrative endpoint, "notifications", is accessible without proper authentication.

Exploits (1)

nomisec · WRITEUP · 1 star
by MichaelAdamGroberman · poc
https://github.com/MichaelAdamGroberman/CVE-2026-28767


Classification: Writeup 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Gardyn Cloud API < 2.12.2026
No auth needed
Prerequisites: Network access to the target API endpoint
devstral-2 · analyzed Apr 07, 2026

Scores

CVSS v3: 5.3
EPSS: 0.0038
EPSS Percentile: 29.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-306
Status: published
Products (2):
Gardyn/Cloud API < 2.12.2026
mygardyn/cloud_api < 2.12.2026
Published: Apr 03, 2026
Tracked Since: Apr 04, 2026