CVE-2026-54477
MEDIUMGardyn IoT Hub Improper Neutralization of HTTP Headers for Scripting Syntax
Title source: cnaExploitation Summary
EIP tracks 1 public exploit for CVE-2026-54477. PoCs published by MichaelAdamGroberman.
AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2026-54477, a missing security headers vulnerability in the Gardyn IoT Hub admin panel (admin.gardyn.io). The absence of CSP, X-Frame-Options, and other headers enables clickjacking and XSS attacks against authenticated admin sessions. No exploit code is included, but the writeup thoroughly documents the vulnerability mechanics and remediation.
Description
The admin panel lacks standard security headers, enabling clickjacking and cross-site scripting attacks.
Exploits (1)
This repository provides a detailed technical analysis of CVE-2026-54477, a missing security headers vulnerability in the Gardyn IoT Hub admin panel (admin.gardyn.io). The absence of CSP, X-Frame-Options, and other headers enables clickjacking and XSS attacks against authenticated admin sessions. No exploit code is included, but the writeup thoroughly documents the vulnerability mechanics and remediation.
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N