CVE-2026-32662
Exposed Development API Endpoints Risk Unauthorized Access
Publication date: 2026-04-03
Last updated on: 2026-04-22
Assigner: ICS-CERT
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mygardyn | cloud_api | to 2.12.2026 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-489 | The product is released with debugging code still enabled or active. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The presence of development and test API endpoints that mirror production functionality can lead to unauthorized access or exploitation since these endpoints may not have the same security controls as production. This can result in information disclosure or other security risks, as indicated by the CVSS v3.1 score showing a low impact on confidentiality but no impact on integrity or availability.
Can you explain this vulnerability to me?
This vulnerability involves the presence of development and test API endpoints that mirror the functionality of the production environment. These endpoints are accessible and replicate production features, potentially exposing sensitive operations or data that should only be available in a secure production setting.