PT-2026-55338 · Gardyn · Gardyn Studio+1

Published: 2026-07-02 · Updated: 2026-07-03 · CVE-2026-13768

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions: Gardyn Home Kit and Studio devices (affected versions not specified)

Description: A hardcoded iothubowner key in the IoT Hub allows unauthenticated attackers to invoke the IoTHub Registry Manager function. This action exposes connection information for all connected devices and enables the execution of arbitrary commands on specific devices. Furthermore, this access may allow an attacker to pivot to other devices within the user's local network.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

CVE-2026-13768

Affected Products

Gardyn Home Kit
Gardyn Studio