CVE-2026-55726
MEDIUMGardyn IoT Hub Exposure of Sensitive System Information to an Unauthorized Control Sphere
Title source: cnaExploitation Summary
EIP tracks 1 public exploit for CVE-2026-55726. PoCs published by MichaelAdamGroberman.
AI-analyzed exploit summary This repository provides a detailed technical writeup of CVE-2026-55726, an information disclosure vulnerability in Gardyn IoT Hub's Azure Blob Storage container. The container `device-log` was publicly listable, exposing sensitive device logs, SSIDs, and system configurations without authentication.
Description
The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container.
Exploits (1)
This repository provides a detailed technical writeup of CVE-2026-55726, an information disclosure vulnerability in Gardyn IoT Hub's Azure Blob Storage container. The container `device-log` was publicly listable, exposing sensitive device logs, SSIDs, and system configurations without authentication.
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N