CVE-2026-28766 - Vulnerability Analysis

Overview

Gardyn contains an information disclosure vulnerability caused by an unauthenticated endpoint exposing all user account information, letting remote attackers access sensitive user data without authentication.

Severity & Score

Impact

Attackers can access all user account information without authentication, leading to significant data exposure.

Mitigation

Restrict access to the endpoint by implementing proper authentication and authorization controls.

References

• https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-055-03.json
• https://mygardyn.com/security/
• https://www.cisa.gov/news-events/ics-advisories/icsa-26-055-03

Related Resources

• Vulnerability Intelligence Dashboard
• Credential Scanner