Skip to main content

Gardyn Cloud API CVE-2026-55726

| EUVDEUVD-2026-41465 MEDIUM
Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497)
2026-07-02 icscert GHSA-pfg9-vjvh-f5rw
6.9
CVSS 4.0 · Vendor: icscert
Share

Severity by source

Vendor (icscert) PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.3 MEDIUM

Network-accessible unauthenticated cloud listing with low confidentiality impact only; no integrity, availability, or scope-change impact supported by description.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (icscert).

CVSS VectorVendor: icscert

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

5
Patch available
Jul 03, 2026 - 02:01 EUVD
Analysis Generated
Jul 03, 2026 - 00:27 vuln.today
CVSS changed
Jul 03, 2026 - 00:22 NVD
5.3 (MEDIUM) 6.9 (MEDIUM)
CVSS changed
Jul 03, 2026 - 00:22 NVD
5.3 (MEDIUM) 6.9 (MEDIUM)
CVE Published
Jul 02, 2026 - 23:49 cve.org
MEDIUM 6.9

DescriptionCVE.org

The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container.

AnalysisAI

Unauthenticated public listing of an Azure Blob Storage container exposes device log files across the entire Gardyn smart garden fleet to any internet-accessible actor. The misconfiguration affects all versions of Gardyn Home Firmware, Gardyn Studio Firmware, and the Gardyn Cloud API, meaning no specific patched version bounds the exposure - it is architectural rather than release-specific. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Discover Gardyn Azure Blob Storage container URL
Delivery
Send unauthenticated HTTP LIST request
Exploit
Enumerate all device log file names across fleet
Execution
Download targeted device log files
Persist
Extract device identifiers and operational telemetry
Impact
Leverage data for follow-on device targeting

Vulnerability AssessmentAI

Exploitation No special conditions are required for exploitation - the Azure Blob Storage container is publicly listable and readable over the internet without any authentication, account, or device ownership. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 6.9 (Medium) with vector AV:N/AC:L/AT:N/PR:N/UI:N reflects trivial internet-accessible exploitation with no authentication, no complexity, and no user interaction required. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker identifies the Gardyn Azure Blob Storage container URL through firmware reverse engineering, passive DNS enumeration, or certificate transparency log analysis, then issues a standard unauthenticated HTTP GET with a list-blobs operation to enumerate all device log filenames across the fleet. Without any credentials or special tooling, the attacker iterates through the file list and downloads log files from individual Gardyn devices, extracting device identifiers, operational telemetry, and potentially Wi-Fi network or configuration data that could be used for follow-on targeting of specific IoT devices. …
Remediation The primary fix is reconfiguring the Azure Blob Storage container to remove public list and read permissions, setting the container to private access and enforcing authenticated access via Azure Shared Access Signatures (SAS) or Azure Active Directory (Entra ID) role-based access control. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-55726 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy