// vulnerability record
cached · NVD via COSMOS sync
CVE-2026-13768
CRITICAL · published 2026-07-03 00:16 UTC
CVSS 9.5 / 10
// description
Gardyn devices expose a privileged iothubowner key. Access to this key will allow a malicious user to invoke an IoTHub Registry Manager function which returns connection information for all Gardyn Home Kit and Studio devices. Access to this key also allows a malicious user to execute arbitrary commands on a specific connected device and may allow the malicious user to pivot to other devices on the user's network.
// weaknesses (CWE)
- CWE-798