CVE-2026-32662: Active Debug Code in Production — Gardyn Home Kit (ICSA-26-055-03)
-
Updated
Jun 4, 2026
CVE-2026-32662: Active Debug Code in Production — Gardyn Home Kit (ICSA-26-055-03)
CVE-2026-54477: Admin Panel Missing Security Headers (clickjacking/XSS) - Gardyn (ICSA-26-183-03)
CVE-2026-13768: Privileged iothubowner IoT Hub credential — fleet enumeration, device RCE, home-network pivot — Gardyn (ICSA-26-183-03)
CVE-2026-55726: Publicly Listable Azure Blob Storage Container (device logs) - Gardyn (ICSA-26-183-03)
CVE-2025-10681: Hardcoded Azure Blob Storage Account Key — Gardyn Home Kit (ICSA-26-055-03)
CVE-2026-28767: Missing Authentication on Admin Notifications Endpoint — Gardyn Home Kit (ICSA-26-055-03)
CVE-2026-28766: Missing Authentication on User Account Endpoint — Gardyn Home Kit (ICSA-26-055-03)
CVE-2026-32646: Missing Authentication on Admin Device Endpoint — Gardyn Home Kit (ICSA-26-055-03)
CVE-2026-25197: Authorization Bypass via IDOR — Gardyn Home Kit (ICSA-26-055-03)
CISA Advisory ICSA-26-183-03 - Gardyn IoT Hub - 3 CVEs (companion to ICSA-26-055-03)
CVE-2025-1242: Hardcoded iothubowner Connection String — Gardyn Home Kit (ICSA-26-055-03)
CISA Advisory ICSA-26-055-03 (Update B) — Gardyn Home Kit IoT Vulnerabilities — 10 CVEs (companion advisory ICSA-26-183-03, +3 CVEs)
Add a description, image, and links to the gardyn topic page so that developers can more easily learn about it.
To associate your repository with the gardyn topic, visit your repo's landing page and select "manage topics."