CVE-2026-28767

MEDIUM

Gardyn Cloud API Missing Authentication for Critical Function

Title source: cna

Description

A specific administrative endpoint notifications is accessible without proper authentication.

Exploits (1)

nomisec WRITEUP 1 stars
by MichaelAdamGroberman · poc
https://github.com/MichaelAdamGroberman/CVE-2026-28767

References (3)

Scores

CVSS v3 5.3
EPSS 0.0006
EPSS Percentile 17.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-306
Status published
Products (2)
Gardyn/Cloud API < 2.12.2026
mygardyn/cloud_api < 2.12.2026
Published Apr 03, 2026
Tracked Since Apr 04, 2026