Every CVE whose affected-product data names Mygardyn Cloud Api, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2026-28766 — CVSS 9.3 (critical): A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication.
CVE-2026-25197 — CVSS 9.1 (critical): A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call.
CVE-2026-32646 — CVSS 7.5 (high): A specific administrative endpoint is accessible without proper authentication, exposing device management functions.