Sign in Get started

← All advisories

Critical severity9.3NVD Advisory· Published Apr 3, 2026· Updated Apr 22, 2026

CVE-2026-28766

CVE-2026-28766

Description

A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication.

Affected products

1

Mygardyn/Cloud API
cpe:2.3:a:mygardyn:cloud_api:*:*:*:*:*:*:*:*
Range: <2.12.2026

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-055-03.jsonnvdThird Party Advisory
mygardyn.com/security/nvdVendor Advisory
www.cisa.gov/news-events/ics-advisories/icsa-26-055-03nvdUS Government ResourceThird Party Advisory

News mentions

0

No linked articles in our index yet.