CVE-2026-32646
Unauthenticated Access to Administrative Endpoint Exposes Device Management
Publication date: 2026-04-03
Last updated on: 2026-04-22
Assigner: ICS-CERT
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mygardyn | cloud_api | to 2.12.2026 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows access to a specific administrative endpoint without proper authentication, exposing device management functions. Such unauthorized access can lead to exposure of sensitive data or unauthorized control over device functions.
As a result, this vulnerability could negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict access controls and protection of sensitive information.
Can you explain this vulnerability to me?
This vulnerability involves a specific administrative endpoint that can be accessed without proper authentication. This means that unauthorized users can reach device management functions that should normally be protected.
How can this vulnerability impact me? :
Because the administrative endpoint is accessible without authentication, attackers could potentially access and manipulate device management functions. This could lead to unauthorized control or changes to the device, compromising its security and operation.