The CISA advisory ICSA-26-183-03, released on July 2, 2026, highlights critical vulnerabilities in the Gardyn IoT Hub that allow unauthorized access to and control over managed devices. Affected versions include Gardyn Home Firmware, Studio Firmware, and Cloud API versions earlier than 2.12.2026. The vulnerabilities stem from hard-coded credentials, exposure of sensitive information, and inadequate security headers.
The CVSS scores range from 5.3 to 10, indicating significant risk. Of particular concern is CVE-2026-13768, which allows command execution on connected devices. Mitigations include ensuring that devices have internet connectivity so they can receive automatic updates, and users are encouraged to use the most recent version of the Gardyn app. CISA recommends defensive practices to protect industrial control systems (ICS) and advises organizations to report suspicious activity.