4 matches found
GO-2026-4334 Fleet has an Access Control vulnerability in debug/pprof endpoints in github.com/fleetdm/fleet
Apache bRPC 1.14.0 Command Injection
Proof-of-concept command injection exploit for Apache bRPC versions 1.14.0 and below that leverages exposed pprof endpoints.
CVE-2026-23517 Fleet has an Access Control vulnerability in debug/pprof endpoints
Fleet is open source device management software. A broken access control issue in versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3 allowed authenticated users to access debug and profiling endpoints regardless of role. As a result, low-privilege users could view internal server...
Fleet has an Access Control vulnerability in debug/pprof endpoints
Summary: A broken access control issue in Fleet allowed authenticated users to access debug and profiling endpoints regardless of role. As a result, low-privilege users could view internal server diagnostics and trigger resource-intensive profiling operations.
Impact: Fleet’s debug/pprof endpoints...