PT-2026-40969

Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.82.0 Description A flaw in the Windows MDM enrollment flow allows authentication tokens from any Azure AD tenant to be accepted. The software validates JWT JSON Web Token signatures using Microsoft's multi-tenant JWKS...

GO-2026-4335 Fleet has a JWT signature bypass vulnerability in Azure AD MDM enrollment in github.com/fleetdm/fleet

Fleet has a JWT signature bypass vulnerability in Azure AD MDM enrollment in github.com/fleetdm/fleet...

PT-2026-6510

Fleet has a JWT signature bypass vulnerability in Azure AD MDM enrollment in github.com/fleetdm/fleet...

CVE-2026-23518

Fleet is open source device management software. In versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, a vulnerability in Fleet's Windows MDM enrollment flow could allow an attacker to submit forged authentication tokens that are not properly validated. Because JWT signatures were not...

CVE-2026-23518 Fleet has a JWT signature bypass vulnerability in Azure AD MDM enrollment

Fleet is open source device management software. In versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, a vulnerability in Fleet's Windows MDM enrollment flow could allow an attacker to submit forged authentication tokens that are not properly validated. Because JWT signatures were not...

Fleet has a JWT signature bypass vulnerability in Azure AD MDM enrollment

Summary A vulnerability in Fleet’s Windows MDM enrollment flow could allow an attacker to submit forged authentication tokens that are not properly validated. Because JWT signatures were not verified, Fleet could accept attacker-controlled identity claims, enabling enrollment of unauthorized...

CVE-2025-27509

fleetdm/fleet is an open source device management, built on osquery. In vulnerable versions of Fleet, an attacker could craft a specially-formed SAML response to forge authentication assertions, provision a new administrative user account if Just-In-Time JIT provisioning is enabled, or create new...

CVE-2025-27509 SAML authentication vulnerability due to improper SAML response validation

fleetdm/fleet is an open source device management, built on osquery. In vulnerable versions of Fleet, an attacker could craft a specially-formed SAML response to forge authentication assertions, provision a new administrative user account if Just-In-Time JIT provisioning is enabled, or create new...

CVE-2025-27509 SAML authentication vulnerability due to improper SAML response validation

fleetdm/fleet is an open source device management, built on osquery. In vulnerable versions of Fleet, an attacker could craft a specially-formed SAML response to forge authentication assertions, provision a new administrative user account if Just-In-Time JIT provisioning is enabled, or create new...

CVE-2025-27509

Fleet has a SAML authentication vulnerability (CVE-2025-27509) due to improper SAML response validation in fleetdm/fleet. In vulnerable versions, an attacker could forge authentication assertions, potentially provisioning a new administrative user under JIT provisioning or creating accounts tied ...

MDM Enrollment Fails Consistently On iOS 14 Devices On Citrix Endpoint Management (On-Prem)

MDM Enrollment Fails Consistently On iOS 14 Devices On Citrix Endpoint Management Server On-Prem...

You receive an error: "No tenant identifying information found in either the request or implied by any provided credentials" when integrated with Intune and Secure Hub is in use.

When enrolling in to Citrix Endpoint Management for MDM, if the deployment is integrated with Intune for MAM, you may experience the following error and behaviour. Without Secure Hub installed using Intune MAM only, then no problems are seen. When Secure Hub is installed and enrolled for MDM with...

MDM/MAM Enrollment flow for Secure Hub IOS devices-On Prem Setup.

This article explains the MDM/MAM Enrollment flow for IOS devices for-On Prem Setup...

MDM/MAM Enrollment flow for Secure Hub Android devices-On Cloud Setup.

This article explains the MDM/MAM Enrollment flow for Android devices for-On Cloud Setup Where XMS Load Balance on cloud and Netscaler Gateway is on Premise...

"Access to your company network is not currently available" Error message while accessing Secure Hub XenMobile Store

Attempts to access the Store in Secure Hub causes an error "Access to your company network is not currently available". Please find the snapshot of an error message. Logs 2017-08-04T16:21:53.886+0200 ",X1AuthController,INFO 4,-AuthController getCertificateForURL:callback:,"Providing the certifica...

FAQ: XenMobile Per App VPN

Can Per App VPN be configured for MAM only devices No, Per App VPN does not support MAM only devices. With the iOS per app-VPN feature, you can leverage the VPN profile in conjunction with the Citrix VPN app on a XenMobile-managed iOS device. There, you can establish an on-demand VPN tunnel to th...

How to Enable Azure Active Directory Enrollment of Windows 10 Devices with XenMobile

When a Windows device is joined to Azure Active Directory, the device can be automatically enrolled in XenMobile. To enable this, add the XenMobile enrollment URL to Azure Active Directory as detailed in this article. You can join Windows 10 devices to Microsoft Azure AD in any of the following...

MDM enrollment failing for iOS and Android devices, but MAM enrollment works fine

On iOS, the enrollment fails during the second profile installation - The error is "Profile installation failed: profile failed to install" On Android, you see "Access to your company network is not available" Enrolling directly against the Gateway MAM works fine. The server-side logs are showing...