10 matches found
OS Command Injection
Fleet is vulnerable to Command Injection. The vulnerability is due to improper sanitization of software package metadata used in auto-generated uninstall scripts, allowing specially crafted package metadata to inject and execute arbitrary commands with elevated privileges root on macOS/Linux or...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection in the process that generates uninstall scripts from uploaded software packages, due to improper sanitization of metadata fields. An attacker can execute arbitrary commands with elevated privileges on managed endpoints...
CVE-2026-26191 Fleet vulnerable to OS command injection in software packages
Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleet's software installer pipeline could allow a crafted software package to execute arbitrary commands as root macOS/Linux or SYSTEM Windows on managed endpoints when an uninstall is triggered. When a...
Fleet vulnerable to OS command injection in software packages
Summary A vulnerability in Fleet's software installer pipeline could allow a crafted software package to execute arbitrary commands as root macOS/Linux or SYSTEM Windows on managed endpoints when an uninstall is triggered. Impact When a software package .pkg, .deb, .rpm, .exe, or .msi is uploaded...
GHSA-9VCR-G537-3W5V Fleet vulnerable to OS command injection in software packages
Summary A vulnerability in Fleet's software installer pipeline could allow a crafted software package to execute arbitrary commands as root macOS/Linux or SYSTEM Windows on managed endpoints when an uninstall is triggered. Impact When a software package .pkg, .deb, .rpm, .exe, or .msi is uploaded...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the software installer pipeline that generates uninstall shell scripts without sanitization. An attacker can execute arbitrary system commands with elevated privileges by crafting malicious software package metadat...
CVE-2026-34387 Fleet vulnerable to OS command injection via crafted software package metadata in uninstall scripts
Fleet is open source device management software. Prior to 4.81.1, a command injection vulnerability in Fleet's software installer pipeline allows an attacker to achieve arbitrary code execution as root macOS/Linux or SYSTEM Windows on managed hosts when an uninstall is triggered for a crafted...
CVE-2026-34387
Fleet is an open source device management platform. A command injection vulnerability exists in Fleet’s software installer pipeline prior to version 4.81.1, enabling arbitrary code execution as root on macOS/Linux or SYSTEM on Windows when uninstalling a crafted software package. Affected compone...
CVE-2026-34387 Fleet vulnerable to OS command injection via crafted software package metadata in uninstall scripts
Fleet is open source device management software. Prior to 4.81.1, a command injection vulnerability in Fleet's software installer pipeline allows an attacker to achieve arbitrary code execution as root macOS/Linux or SYSTEM Windows on managed hosts when an uninstall is triggered for a crafted...
CVE-2026-34387 Fleet vulnerable to OS command injection via crafted software package metadata in uninstall scripts
Fleet is open source device management software. Prior to 4.81.1, a command injection vulnerability in Fleet's software installer pipeline allows an attacker to achieve arbitrary code execution as root macOS/Linux or SYSTEM Windows on managed hosts when an uninstall is triggered for a crafted...