CVE-2026-32646
HIGHGardyn Cloud API Missing Authentication for Critical Function
Title source: cnaDescription
A specific administrative endpoint is accessible without proper authentication, exposing device management functions.
Exploits (1)
nomisec
1 stars
by MichaelAdamGroberman · poc
https://github.com/MichaelAdamGroberman/CVE-2026-32646
Scores
CVSS v3
7.5
EPSS
0.0007
EPSS Percentile
20.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-306
Status
published
Products (1)
Gardyn/Cloud API
< 2.12.2026
Published
Apr 03, 2026
Tracked Since
Apr 04, 2026