CVE-2026-32646
HIGHGardyn Cloud API Missing Authentication for Critical Function
Title source: cnaDescription
A specific administrative endpoint is accessible without proper authentication, exposing device management functions.
Exploits (1)
nomisec
WRITEUP
1 stars
by MichaelAdamGroberman · poc
https://github.com/MichaelAdamGroberman/CVE-2026-32646
Scores
CVSS v3
7.5
EPSS
0.0009
EPSS Percentile
24.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-306
Status
published
Products (2)
Gardyn/Cloud API
< 2.12.2026
mygardyn/cloud_api
< 2.12.2026
Published
Apr 03, 2026
Tracked Since
Apr 04, 2026