Description
A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call.
Published: 2026-04-03
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Patch Now
AI Analysis

Impact

The vulnerability occurs in a Gardyn Cloud API endpoint that lets an already-authenticated user alter the identifier field in a request. By specifying a different user ID, the user causes the system to process the action on behalf of that other account, bypassing the intended object-level authorization check. This gives the attacker unauthorized access to the personal data, and control of the devices, tied to the targeted profile: a classic authorization bypass through a user-controlled key (CWE-639), which here amounts to privilege escalation across user accounts.
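The failure described above, as an added example that is not Gardyn's code: a profile handler that trusts the caller-supplied id beside one that binds the lookup to the authenticated subject, plus a detection heuristic run over constructed access-log lines (the `/users/<id>/profile` path, session tokens and ids are assumptions for illustration).

```python
from collections import defaultdict

# Constructed sample data: Gardyn's real schema, ids and endpoint paths are not on the page.
PROFILES = {
    101: {"email": "alice@example.invalid", "devices": ["home-kit-A"]},
    102: {"email": "bob@example.invalid", "devices": ["home-kit-B"]},
}

class Forbidden(Exception):
    """Raised when the caller is authenticated but not authorized for the object."""

def get_profile_vulnerable(session_user_id: int, requested_id: int) -> dict:
    """CWE-639 pattern: the session proves *who* is calling, but the record
    fetched is whichever id the caller placed in the request, so any logged-in
    user reaches any other profile by changing the number."""
    if session_user_id not in PROFILES:
        raise Forbidden("not authenticated")
    return PROFILES[requested_id]          # id never compared to the session

def is_allowed(session_user_id: int, requested_id: int) -> bool:
    """Object-level authorization rule: a user may read only their own profile."""
    return session_user_id in PROFILES and requested_id == session_user_id

def get_profile_fixed(session_user_id: int, requested_id: int) -> dict:
    """Hardened handler: the request id is only an input to compare against the
    identity the session established; a mismatch is rejected before any lookup."""
    if not is_allowed(session_user_id, requested_id):
        raise Forbidden(f"user {session_user_id} may not access profile {requested_id}")
    return PROFILES[requested_id]

# Constructed API access-log lines in the form "<session> <method> <path>".
LOG_LINES = [
    "sess-aaa GET /users/101/profile",
    "sess-aaa GET /users/102/profile",
    "sess-aaa GET /users/103/profile",
    "sess-aaa GET /users/104/profile",
    "sess-bbb GET /users/102/profile",
]

def sessions_touching_many_profiles(lines, threshold=3):
    """Detection heuristic for the access pattern this bug leaves behind: one
    session reading `threshold` or more distinct profile ids. Returns
    {session: sorted distinct ids} for every session at or over the threshold."""
    seen = defaultdict(set)
    for line in lines:
        sess, _method, path = line.split()
        parts = path.strip("/").split("/")
        if len(parts) == 3 and parts[0] == "users" and parts[2] == "profile":
            seen[sess].add(int(parts[1]))
    return {s: sorted(ids) for s, ids in seen.items() if len(ids) >= threshold}
```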

Affected Systems

This weakness affects the Gardyn Cloud API and all components that utilize it, notably the Gardyn mobile application and the Gardyn Home firmware. The fix is included in the latest release of the Gardyn App, and any device firmware before master.622 remains vulnerable. Users should verify that their application and firmware versions are up to date to determine if they are exposed.

Risk and Exploitability

The CVSS base score of 9.3 signals a severe risk. EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog, so the real-world likelihood of exploitation is uncertain. Based on the description, it is inferred that an attacker must first obtain an authenticated session with the Gardyn Cloud, either through credential compromise or social engineering, before being able to craft the API call with a manipulated ID. Once authenticated, the attacker can pivot to other user profiles, potentially gaining full control over the accessed account and its connected devices. The likely attack vector is remote, via the Gardyn Cloud API, and does not require local access to the target device.

Generated by OpenCVE AI on April 3, 2026 at 23:52 UTC.

Remediation

Vendor Solution

Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices. The current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App. For all vulnerabilities, Gardyn recommends users ensure their home kit and studio devices are upgraded to firmware master.622 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their devices have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection.


OpenCVE Recommended Actions

  • Upgrade the Gardyn mobile application to the most recent available version.
  • Update Gardyn Home firmware to master.622 or later on all home kit and studio devices.
  • Ensure all devices remain connected to the Internet so automatic firmware updates can be downloaded and applied.



Advisories

No advisories yet.

History

Wed, 22 Apr 2026 18:15:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Mygardyn
                                      Mygardyn cloud Api
CPEs                                  cpe:2.3:a:mygardyn:cloud_api:*:*:*:*:*:*:*:*
Vendors & Products                    Mygardyn
                                      Mygardyn cloud Api

Tue, 07 Apr 2026 15:15:00 +0000

Type       Values Removed   Values Added
Metrics                     ssvc
                            {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 07 Apr 2026 00:00:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Gardyn
                                      Gardyn cloud Api
Vendors & Products                    Gardyn
                                      Gardyn cloud Api

Fri, 03 Apr 2026 21:30:00 +0000

Type          Values Removed   Values Added
Description                    A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call.
Title                          Gardyn Cloud API Authorization Bypass Through User-Controlled Key
Weaknesses                     CWE-639
References
Metrics                        cvssV3_1
                               {'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}
                               cvssV4_0
                               {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-04-07T14:20:31.044Z

Reserved: 2026-03-17T20:12:55.156Z

Link: CVE-2026-25197

Vulnrichment

Updated: 2026-04-07T14:20:27.590Z

NVD

Status: Analyzed

Published: 2026-04-03T21:17:09.867

Modified: 2026-04-22T18:08:00.783

Link: CVE-2026-25197

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-04-06T22:22:21Z

Weaknesses