138,000 Root-Accessible Linux IoT Devices Exposed on US Home and School Networks
The Cybersecurity and Infrastructure Security Agency published advisory ICSA-26-055-03 on February 24, 2026, followed by Update A on April 2. The advisory outlines 10 CVEs affecting Gardyn’s IoT smart garden platform. In total, 138,160 Linux IoT devices were exposed across US homes and K–12 schools. Several of the vulnerabilities are rated critical, with CVSS scores reported as high as 9’s…