THE Gardyn IoT Hub has three critical vulnerabilities (CVE-2026-13768, CVE-2026-55726, CVE-2026-54477) that can affect its smart gardening devices, with CVE-2026-13768 scoring 10.0 (critical) on the CVSS scale, enabling remote code execution via hard-coded credentials. No exploitation has been confirmed, but patches are available, urging users to update to master.627 and 2.12.2026 versions.
The flaws expose sensitive information and increase the risk of malicious access, especially with over 138,000 devices registered. Maintenance of security practices, such as keeping devices off public networks, is recommended.