How to Update Your Gardyn Device
Steps to verify the device is running the fix versions stated in CISA advisory ICSA-26-055-03 (Update A).
Fix versions per CISA Update A
| Component | Vulnerable version range (per CISA) | Fix version (per CISA Update A) |
|---|---|---|
| Gardyn mobile application | Below 2.11.0 | 2.11.0 or later |
| Gardyn cloud API | Below 2.12.2026 | 2.12.2026 or later (server-side) |
| Gardyn Home Kit firmware | Below master.622 | master.622 or later |
Note on master.619 and master.622
On February 24, 2026, Gardyn announced firmware master.619 in its customer-facing security update post. Per CISA Update A (April 2, 2026) and per the researcher’s coordinated-disclosure repository, CVE-2025-29631 is remediated in firmware master.622 (the version released after master.619). The fix version stated in CISA Update A is master.622. See vendor public statements discrepancies.
How updates are delivered, per Gardyn
Per Gardyn’s customer-facing post, fixes were deployed to all Gardyn devices that were connected to the internet and are applied automatically when a device comes online. Per the same post, devices that have been offline are stated to receive updates as soon as they reconnect.
Steps to verify the firmware and app version
- Open the Gardyn mobile app.
- Confirm the device is online. Per Gardyn’s post, switching the lights of the Gardyn on or off from the app indicates the device is online and reachable.
- In the Gardyn mobile app: Settings → Advanced. Confirm firmware version
master.622or later. - In the Gardyn mobile app: Settings → Advanced. Confirm mobile app version
2.11.0or later. - If a device has been offline, per Gardyn’s post the update is applied when it reconnects.
Gardyn-stated support contacts
Per Gardyn’s customer-facing post, customers observing unexplained device behavior are directed to contact Gardyn Support:
- Gardyn Support email: support@mygardyn.com
- Gardyn Support phone: 844-4-GARDYN (844-442-7396)
- Gardyn Help Center: help.mygardyn.com
CISA-stated network mitigations
Per CISA, general guidance for IoT devices includes:
- Minimize internet exposure for IoT devices; do not place them on a network segment directly reachable from the internet.
- Place IoT devices behind a firewall and isolate them from business or sensitive home networks.
- If remote access is required, use updated VPN software rather than direct internet exposure.