CISA Advisory ICSA-26-183-03 - Gardyn IoT Hub - 3 CVEs (companion to ICSA-26-055-03)
-
Updated
Jul 2, 2026
CISA Advisory ICSA-26-183-03 - Gardyn IoT Hub - 3 CVEs (companion to ICSA-26-055-03)
CVE-2026-54477: Admin Panel Missing Security Headers (clickjacking/XSS) - Gardyn (ICSA-26-183-03)
CVE-2026-55726: Publicly Listable Azure Blob Storage Container (device logs) - Gardyn (ICSA-26-183-03)
CVE-2026-13768: Privileged iothubowner IoT Hub credential — fleet enumeration, device RCE, home-network pivot — Gardyn (ICSA-26-183-03)
CVE-2026-32662: Active Debug Code in Production — Gardyn Home Kit (ICSA-26-055-03)
CVE-2026-25197: Authorization Bypass via IDOR — Gardyn Home Kit (ICSA-26-055-03)
CVE-2026-28766: Missing Authentication on User Account Endpoint — Gardyn Home Kit (ICSA-26-055-03)
CVE-2025-10681: Hardcoded Azure Blob Storage Account Key — Gardyn Home Kit (ICSA-26-055-03)
CVE-2026-32646: Missing Authentication on Admin Device Endpoint — Gardyn Home Kit (ICSA-26-055-03)
CVE-2026-28767: Missing Authentication on Admin Notifications Endpoint — Gardyn Home Kit (ICSA-26-055-03)
CVE-2025-1242: Hardcoded iothubowner Connection String — Gardyn Home Kit (ICSA-26-055-03)
CISA Advisory ICSA-26-055-03 (Update B) — Gardyn Home Kit IoT Vulnerabilities — 10 CVEs (companion advisory ICSA-26-183-03, +3 CVEs)
Add a description, image, and links to the gardyn topic page so that developers can more easily learn about it.
To associate your repository with the gardyn topic, visit your repo's landing page and select "manage topics."