Lucene search
Query: FleetdmFleet

28 matches found

CVE · added 2026/02/26 2:45 a.m. · 337 views

CVE-2026-23999

CVE-2026-23999 affects Fleet open source device management before version 4.80.1. The vulnerability stems from a predictable 6‑digit PIN (device lock/wipe) derived from the current Unix timestamp without secret entropy, allowing an attacker with physical access and knowledge of approximate lock t...

CVSS 5.5 · AI score 5.6 · EPSS 0.00124
CVE · added 2026/02/26 2:54 a.m. · 295 views

CVE-2026-27465

Summary: CVE-2026-27465 affects Fleet before v4.80.1, where the configuration API could expose Google Calendar service account credentials to authenticated users with the lowest-privilege role (Observer). The credentials were not properly obfuscated, potentially allowing unauthorized access to Go...

CVSS 6.5 · AI score 5.5 · EPSS 0.00241
CVE · added 2022/02/04 10:32 p.m. · 113 views

CVE-2022-23600

Fleet (fleetdm/fleet) before version 4.9.1 is vulnerable to a limited SAML authentication spoof due to missing audience verification. Two attack scenarios are described: (1) a malicious SP could log in as a Fleet user if the user has a matching email in Fleet and signs into the malicious SP via t...

CVSS 6.5 · AI score 5.7 · EPSS 0.00889
CVE · added 2022/04/18 9:20 p.m. · 99 views

CVE-2022-24841

CVE-2022-24841 affects fleetdm/fleet (osquery-based device management). In versions with the teams feature, a team admin can illegitimately grant themselves admin/maintainer/observer privileges on other teams due to an authorization bypass. Instances without teams or with unrestricted teams accou...

CVSS 8.1 · AI score 7.2 · EPSS 0.00791
CVE · added 2021/02/10 8:00 p.m. · 61 views

CVE-2021-21296

Fleet is an open-source osquery manager. CVE-2021-21296 affects Fleet versions prior to 3.7.0, where a malicious actor with a valid node key can send a malformed request that crashes the Fleet server during an ongoing live query, causing denial of service. The impact is described as low due to th...

CVSS 4 · AI score 3.8 · EPSS 0.01941
CVE · added 2020/12/17 7:40 p.m. · 54 views

CVE-2020-26276

CVE-2020-26276 affects Fleet, an open source osquery manager. The issue arises before version 3.5.1 due to Go's standard library XML parsing, allowing a crafted SAML response to mutate the trusted document and enable unverified logins from a SAML IdP. Impact is limited to Fleet instances configur...

CVSS 10 · AI score 9.3 · EPSS 0.02168
CVE · added 2026/02/26 2:49 a.m. · 53 views

CVE-2026-25963

Fleet is an open source device management platform. In versions prior to 4.80.1, a broken authorization check in Fleet’s certificate template deletion API could let a team administrator delete certificate templates belonging to other teams within the same Fleet instance. The affected flow validat...

CVSS 6.5 · AI score 5.3 · EPSS 0.00191
CVE · added 2026/05/14 7:03 p.m. · 38 views

CVE-2026-46356

Fleet (open-source device management) before v4.80.1 is vulnerable: an IP extraction flaw lets unauthenticated attackers bypass per-IP rate limits by rotating headers like True-Client-IP, X-Real-IP, or X-Forwarded-For, enabling brute-force or credential stuffing on exposed instances. Root cause: ...

CVSS 7.5 · AI score 5.8 · EPSS 0.00276
CVE · added 2026/05/14 6:58 p.m. · 33 views

CVE-2026-24899

CVE-2026-24899 affects Fleet Windows MDM enrollment. Before 4.82.0, Fleet validates JWTs with Microsoft’s multi-tenant JWKS but does not enforce aud or iss, allowing any Microsoft-signed Azure AD access token with the expected scopes to authenticate to Fleet’s MDM endpoints. If Windows MDM is ena...

CVSS 8.2 · AI score 5.8 · EPSS 0.00381
CVE · added 2026/01/21 9:45 p.m. · 27 views

CVE-2026-23517

Fleet (open source device management software) has a broken access control vulnerability in debug/pprof endpoints that allows any authenticated user, including the lowest-privilege Observer role, to access internal server diagnostics and trigger CPU-intensive profiling operations. This affects ve...

CVSS 8.7 · AI score 5.5 · EPSS 0.00246
CVE · added 2026/03/27 6:23 p.m. · 27 views

CVE-2026-26061

CVE-2026-26061 affects the open‑source Fleet device management platform. Versions prior to 4.81.0 expose multiple unauthenticated HTTP endpoints that read request bodies without a size limit, enabling an unauthenticated attacker to send large or repeated payloads and trigger excessive memory allo...

CVSS 8.7 · AI score 5.9 · EPSS 0.00434
CVE · added 2026/05/14 7:02 p.m. · 26 views

CVE-2026-26191

Fleet prior to version 4.81.0 is affected by a vulnerability in the software installer pipeline where metadata from uploaded packages (pkg, deb, rpm, exe, msi) is used to generate uninstall scripts without proper sanitization. A crafted package could cause arbitrary commands to run with root priv...

CVSS 9.8 · AI score 6.2 · EPSS 0.00773
CVE · added 2026/05/14 6:56 p.m. · 25 views

CVE-2026-24000

Fleet is open-source device management software. A vulnerability in versions prior to 4.80.1 lets attackers spoof the client’s apparent IP by abusing unvalidated headers (X-Forwarded-For, X-Real-IP, True-Client-IP) to bypass per-IP rate limiting. This affects how Fleet determines a client’s publi...

CVSS 6.9 · AI score 6.5 · EPSS 0.0043
CVE · added 2026/02/26 12:05 a.m. · 25 views

CVE-2026-26186

Fleet is affected by a SQL injection in versions prior to 4.80.1. The flaw stems from unsafe use of goqu.I() while building the ORDER BY clause, allowing an authenticated user to inject arbitrary SQL expressions via the order_key parameter. This can enable blind SQL injection techniques to disclo...

CVSS 8.8 · AI score 6 · EPSS 0.00301
CVE · added 2026/03/27 7:19 p.m. · 25 views

CVE-2026-34391

CVE-2026-34391 concerns Fleet, an open‑source device management platform. A flaw in Fleet’s Windows MDM command processing allows a malicious enrolled device to access MDM commands intended for other devices, potentially exposing sensitive configuration data (e.g., WiFi credentials, VPN secrets, ...

CVSS 8.7 · AI score 5.9 · EPSS 0.00161
CVE · added 2026/05/14 6:48 p.m. · 24 views

CVE-2026-23998

CVE-2026-23998 affects Fleet open-source device management software, specifically the Windows MDM management endpoint. A vulnerability in the endpoint could allow requests without proper client certificate validation to be processed as trusted, enabling an attacker who knows a valid enrolled devi...

CVSS 8.2 · AI score 5.8 · EPSS 0.00214
CVE · added 2026/01/21 9:50 p.m. · 23 views

CVE-2026-23518

Fleet is open source device management software. CVE-2026-23518 describes a JWT signature bypass in Fleet’s Windows MDM enrollment flow, where attacker-supplied tokens could be accepted without proper JWT verification, allowing enrollment of unauthorized devices under arbitrary Azure AD identitie...

CVSS 9.8 · AI score 5.7 · EPSS 0.00226
CVE · added 2026/03/27 6:22 p.m. · 23 views

CVE-2026-26060

CVE-2026-26060 concerns Fleet, an open-source device-management platform. According to the provided sources, prior to version 4.81.0, the password-management logic allowed previously issued password-reset tokens to remain valid after a user changes their password, enabling a stale token to be use...

CVSS 8.8 · AI score 5.8 · EPSS 0.00335
CVE · added 2026/04/08 5:40 p.m. · 22 views

CVE-2026-27806

Fleet Orbit is affected prior to version 4.81.1 where the Orbit agent’s FileVault rotation flow collects a local user’s password through a GUI dialog and interpolates it into a Tcl/expect script executed via exec.Command("expect", "-c", script). The password is inserted into a Tcl brace-quoted se...

CVSS 7.8 · AI score 6 · EPSS 0.00111
CVE · added 2026/03/27 6:30 p.m. · 22 views

CVE-2026-34386

Fleet is open source device management software. Before 4.81.0, a SQL injection vulnerability in Fleet’s MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet da...

CVSS 8.8 · AI score 6 · EPSS 0.00318
CVE · added 2026/02/26 2:43 a.m. · 19 views

CVE-2026-24004

CVE-2026-24004 affects Fleet open source device management software prior to 4.80.1. The issue is in Android MDM Pub/Sub handling, allowing unauthenticated requests to trigger unenrollment events, potentially removing individual Android devices from Fleet management. Impact is disruption of Andro...

CVSS 6.3 · AI score 5.6 · EPSS 0.00262
CVE · added 2026/05/14 7:00 p.m. · 19 views

CVE-2026-26062

CVE-2026-26062 affects Fleet before version 4.81.0, where the gRPC Launcher PublishLogs endpoint could terminate the Fleet server when handling certain inputs. An authenticated attacker with access to an enrolled Launcher node key could trigger an immediate DoS by sending a single gRPC request, i...

CVSS 8.7 · AI score 5.8 · EPSS 0.00372
CVE · added 2026/03/27 6:29 p.m. · 19 views

CVE-2026-34385

CVE-2026-34385 affects Fleet open source device management software. A second‑order SQL injection in Fleet’s Apple MDM profile delivery pipeline prior to 4.81.0 could allow a user with a valid MDM enrollment certificate to exfiltrate or modify the Fleet database contents, including user credentia...

CVSS 8.6 · AI score 6 · EPSS 0.00197
CVE · added 2026/03/27 6:27 p.m. · 16 views

CVE-2026-29180

Fleet is an open-source device management platform. Before version 4.81.1, a broken access control in Fleet’s host transfer API allows a team maintainer to transfer hosts from any team into their own, bypassing team isolation. Once transferred, the attacker gains full control over the stolen host...

CVSS 8.8 · AI score 6 · EPSS 0.00315
CVE · added 2026/03/27 6:31 p.m. · 16 views

CVE-2026-34387

Fleet is an open source device management platform. A command injection vulnerability exists in Fleet’s software installer pipeline prior to version 4.81.1, enabling arbitrary code execution as root on macOS/Linux or SYSTEM on Windows when uninstalling a crafted software package. Affected compone...

CVSS 9.8 · AI score 6.4 · EPSS 0.01282
CVE · added 2026/03/27 7:18 p.m. · 16 views

CVE-2026-34389

CVE-2026-34389 affects Fleet open-source device management. Before 4.81.0, the user invitation flow did not validate the invitee’s email during invite acceptance against the email tied to the invite token. An attacker with a valid invite token could create an account under an arbitrary email whil...

CVSS 7.1 · AI score 6 · EPSS 0.00184
CVE · added 2026/01/21 9:18 p.m. · 15 views

CVE-2026-22808

CVE-2026-22808 describes a Cross-site Scripting (XSS) vulnerability in Fleet Windows MDM endpoint (fleetdm/fleet). If Windows MDM is enabled, an unauthenticated attacker could trigger XSS to steal the Fleet administrator token (FLEET::auth_token) from localStorage, potentially enabling unauthoriz...

CVSS 5.5 · AI score 5.5 · EPSS 0.00209
CVE · added 2026/03/27 7:13 p.m. · 13 views

CVE-2026-34388

CVE-2026-34388 affects Fleet open-source device management software. Before version 4.81.0, an unaudited denial-of-service condition exists in Fleet’s gRPC Launcher endpoint, where an authenticated host can crash the entire Fleet server process by sending an unexpected log type value. The crash t...

CVSS 8.7 · AI score 5.9 · EPSS 0.00263