GO-2026-4889 Fleet's unbounded request body read allows remote Denial of Service in github.com/fleetdm/fleet

Fleet's unbounded request body read allows remote Denial of Service in github.com/fleetdm/fleet. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerabili...

GO-2026-4888 Fleet: Password reset tokens remain valid after password change for 24 hours in github.com/fleetdm/fleet

Fleet: Password reset tokens remain valid after password change for 24 hours in github.com/fleetdm/fleet. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

GO-2026-4563 Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint in github.com/fleetdm/fleet

Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint in github.com/fleetdm/fleet...

Privilege Escalation

github.com/fleetdm/fleet is vulnerable to privilege escalation. A premium users with access to the team features are facing post-authentication authorization leading to insecure access control. This vulnerability does not affect fleet instances without teams, or with teams but without restricted...

CVE-2022-24841

fleetdm/fleet is an open source device management, built on osquery. All versions of fleet making use of the teams feature are affected by this authorization bypass issue. Fleet instances without teams, or with teams but without restricted team accounts are not affected. In affected versions a te...

Authorization

fleetdm/fleet is an open source device management, built on osquery. All versions of fleet making use of the teams feature are affected by this authorization bypass issue. Fleet instances without teams, or with teams but without restricted team accounts are not affected. In affected versions a te...

CVE-2022-24841 Improper Authorization in github.com/fleetdm/fleet

fleetdm/fleet is an open source device management, built on osquery. All versions of fleet making use of the teams feature are affected by this authorization bypass issue. Fleet instances without teams, or with teams but without restricted team accounts are not affected. In affected versions a te...

PT-2022-16915 · Fleetdm +1 · Fleet +1

Name of the Vulnerable Software and Affected Versions: fleetdm/fleet versions prior to 4.13 Description: The issue is an authorization bypass problem that affects all versions of fleetdm/fleet that use the teams feature. Fleet instances without teams or with teams but without restricted team...