CVE-2026-32646

CVE-2026-32646 concerns the Gardyn Cloud API where administrative endpoints (e.g., /api/admin/) lack proper authentication, exposing device management and internal admin communications. Multiple connected sources (Red Hat, CVE/CVE list, Circle, CVE writeups, and PT-2026-30214) corroborate a patte...

CVE-2026-28767

CVE-2026-28767 affects Gardyn Cloud API: the administrative endpoint /api/admin/notifications is accessible without authentication. This allows information disclosure of internal administrative communications and related data. The documented remediation is to require admin authentication on all /...

CVE-2026-32662

Technical details about CVE-2026-32662 are not provided in the supplied documents. Monitor for updates from vendors and security advisories.

CVE-2026-25197

CVE-2026-25197 pertains to Gardyn Cloud API, where an endpoint allows an authenticated user to pivot to other user profiles by altering the id parameter in the API call. The underlying issue is an authorization bypass via a user-controlled key/id, enabling access to other profiles and potentially...

CVE-2026-28766

CVE-2026-28766 refers to Gardyn Cloud API missing authentication for a critical function. The initial description and related documents confirm that a specific endpoint exposes all user account information for registered Gardyn users without requiring authentication, enabling potential confidenti...