www.cisa.gov 7/2/2026, 5:13:14 PM · external

Gardyn IoT Hub bugs expose smart gardens to remote hijack

CyberSIXT Evidence Panel
Primary Source: github.com
CISA KEV: Not in KEV
Patch: Status Unknown

CISA advisory ICSA-26-183-03, released on July 2, 2026, highlights critical vulnerabilities in the Gardyn IoT Hub that allow unauthorized access to and control over managed devices. Affected products are Gardyn Home Firmware, Studio Firmware, and Cloud API in versions earlier than 2.12.2026. The vulnerabilities stem from hard-coded credentials, exposure of sensitive information, and inadequate security headers.

The CVSS scores range from 5.3 to 10, indicating significant risk, particularly from CVE-2026-13768, which allows command execution on connected devices. Mitigations include keeping devices connected to the internet so that they receive automatic updates, and users are encouraged to use the most recent version of the Gardyn app. CISA recommends defensive practices to protect industrial control systems and advises organizations to report suspicious activity.


Article by CyberSIXT