Gardyn Cloud Api
6 CVEs affecting Gardyn Cloud Api. Latest disclosed: 2026-04-03. Critical: 2, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-28766 | Critical | 9.3 | 2026-04-03 | A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication. |
| CVE-2026-25197 | Critical | 9.1 | 2026-04-03 | A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call. |
| CVE-2025-10681 | High | 8.6 | 2026-04-03 | Storage credentials are hardcoded in the mobile app and device firmware. These credentials do not adequately limit end user permissions and do not expire withi… |
| CVE-2026-32646 | High | 7.5 | 2026-04-03 | A specific administrative endpoint is accessible without proper authentication, exposing device management functions. |
| CVE-2026-28767 | Medium | 5.3 | 2026-04-03 | A specific administrative endpoint notifications is accessible without proper authentication. |
| CVE-2026-32662 | Medium | 5.3 | 2026-04-03 | Development and test API endpoints are present that mirror production functionality. |