Fleet Access Control Error Vulnerability (CNVD-2026-16814)

Fleet is Fleet Device Management open source a device management platform that supports a wide range of operating systems and devices to help IT and security teams with device management, vulnerability reporting, MDM and more. An access control error vulnerability exists in Fleet versions prior t...

PT-2026-29939

A Fleet team maintainer can transfer hosts from any team via missing source team authorization in github.com/fleetdm/fleet...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the host transfer API due to missing authorization checks on the source team. An attacker can gain unauthorized control over hosts belonging to other teams by initiating a transfer, resulting in the ability to...

A Fleet team maintainer can transfer hosts from any team via missing source team authorization

Summary A broken access control vulnerability in Fleet's host transfer API allows a team maintainer to transfer hosts from any team into their own team, bypassing team isolation boundaries. Once transferred, the attacker gains full control over the stolen hosts, including the ability to execute...

Fleet 安全漏洞

Fleet is Fleet Device Management open source a device management platform that supports a wide range of operating systems and devices to help IT and security teams with device management, vulnerability reporting, MDM and more. An access control error vulnerability exists in Fleet versions prior t...