Vulnerability in Gardyn Cloud Api
CVE-2026-13768
Gardyn devices expose a privileged iothubowner key. Access to this key will allow a malicious user to invoke an IoTHub Registry Manager function which returns connection information for all Gardyn Home Kit and Studio devices. Access to thi…
CVSS v3 metric
CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L.
Affected products
- Gardyn Cloud Api — versions 0
- Gardyn Home Firmware — versions 0
- Gardyn Studio Firmware — versions 0
Weakness classification (CWE)
Public proof-of-concept exploits
References
Frequently asked questions
- What is CVE-2026-13768?
- CVE-2026-13768 is a critical-severity vulnerability in Gardyn Cloud Api, classified under Use of Hard-coded Credentials. CVSS score: 10.0/10. Published 2026-07-03.
- How severe is CVE-2026-13768?
- Critical severity. CVSS v3 base score is 10.0 out of 10.
- Is CVE-2026-13768 known to be exploited?
- 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.