CVE-2026-32662

MEDIUM

Gardyn Cloud API Active Debug Code

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-32662. PoCs published by MichaelAdamGroberman.

AI-analyzed exploit summary: This repository provides a detailed technical analysis of CVE-2026-32662, which involves active debug code in production environments. It includes information on development API endpoints, historical credential leakage, and embedded development credentials in production builds.

Description

Development and test API endpoints are present that mirror production functionality.

Exploits (1)

nomisec WRITEUP 1 star
by MichaelAdamGroberman · poc
https://github.com/MichaelAdamGroberman/CVE-2026-32662

Classification: Writeup 100%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Gardyn Home Kit 1.0, 2.0, 3.0, 4.0; Gardyn Studio 1.0, 2.0; Cloud API < 2.12.2026
No auth needed
Prerequisites: Access to development API endpoints · Production mobile application or admin panel builds
devstral-2 · analyzed Apr 07, 2026

Scores

CVSS v3: 5.3
EPSS: 0.0032
EPSS Percentile: 23.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-489
Status: published
Products (2): Gardyn/Cloud API < 2.12.2026 · mygardyn/cloud_api < 2.12.2026
Published: Apr 03, 2026
Tracked Since: Apr 04, 2026