Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable admin panel with no attacker privileges required, but admin user interaction mandatory; limited confidentiality and integrity impact, no availability or scope-change effect.
Primary rating from Vendor (icscert).
CVSS VectorVendor: icscert
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
The admin panel lacks standard security headers, enabling clickjacking and cross-site scripting attacks.
AnalysisAI
Missing HTTP security headers in the Gardyn admin panel expose Gardyn Home Firmware, Gardyn Studio Firmware, and Gardyn Cloud API to clickjacking and cross-site scripting attacks against authenticated administrators. The absence of directives such as X-Frame-Options, Content-Security-Policy frame-ancestors, and script-source restrictions allows an attacker to embed the admin panel in a malicious iframe or inject client-side scripts into the admin session context. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The victim must be an authenticated Gardyn administrator with an active browser session on the admin panel - the attacker requires no credentials or elevated access of their own (PR:N per the CVSS 4.0 vector). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 base score of 5.1 (Medium) reflects the meaningful but bounded nature of this vulnerability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker identifies a Gardyn administrator's email, sends a phishing message with a link to an attacker-controlled page, and embeds the Gardyn admin panel in a transparent iframe overlaid on a deceptive UI - tricking the admin into clicking buttons that modify device settings or cloud API configurations (clickjacking). Alternatively, if an XSS injection point exists in the admin panel (enabled by the absent CSP), the attacker delivers a crafted URL that executes JavaScript in the admin's session, exfiltrating session tokens to the attacker's server. … |
| Remediation | No specific patched version is confirmed from available data - all CPE entries use wildcard versioning. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Gardyn Home Firmware
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41466
GHSA-9qxq-9wpj-4f86