CVE-2026-26062— Fleet server may terminate unexpectedly when handling certain gRPC requests
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-26062
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Fleet server may terminate unexpectedly when handling certain gRPC requests
Source: NVD (National Vulnerability Database)
Vulnerability Description
Fleet is open source device management software. Prior to version 4.81.0, Fleet contained a denial-of-service (DoS) issue in the gRPC Launcher `PublishLogs` endpoint. In affected versions, certain unexpected input values were not handled gracefully, which could cause the Fleet server process to terminate while processing an authenticated request from an enrolled Launcher host. An authenticated attacker with access to any enrolled Launcher node key could cause an immediate and complete denial of service by sending a single gRPC request to the `PublishLogs` endpoint. This vulnerability impacts availability only. There is no exposure of sensitive data, no authentication bypass, no privilege escalation, and no integrity impact. Version 4.81.0 contains a patch. If upgrading immediately is not possible, the following mitigations can reduce exposure. Restrict network access to the Fleet gRPC endpoint where feasible (for example, limiting inbound access to known host IP ranges); deploy Fleet behind infrastructure that terminates or filters gRPC traffic if Launcher log ingestion is not required; and/or monitor for repeated Fleet process crashes or unexpected restarts indicating potential exploitation.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-26062
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-26062
请登录查看更多情报信息。
- https://github.com/fleetdm/fleet/releases/tag/fleet-v4.81.0x_refsource_MISC
- https://github.com/fleetdm/fleet/security/advisories/GHSA-x67p-9m2r-fxqvx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2026-26062
Same Patch Batch · fleetdm · 2026-05-14 · 6 CVEs total
| CVE-2026-26191 | Fleet vulnerable to OS command injection in software packages | |
| CVE-2026-24000 | Fleet has a rate limiting bypass via untrusted client IP headers | |
| CVE-2026-24899 | Fleet Windows MDM Azure AD JWT Authentication Bypass | |
| CVE-2026-46356 | Fleet: IP spoofing allows bypassing API rate limiting | |
| CVE-2026-23998 | Fleet has a Windows MDM management endpoint authentication bypass |
IV. Related Vulnerabilities
Same product: fleet
- CVE-2026-46356
Fleet: IP spoofing allows bypassing API rate limiting - CVE-2026-26191
Fleet vulnerable to OS command injection in software package - CVE-2026-24899
Fleet Windows MDM Azure AD JWT Authentication Bypass - CVE-2026-24000
Fleet has a rate limiting bypass via untrusted client IP hea - CVE-2026-23998
Fleet has a Windows MDM management endpoint authentication b
Same vendor: fleetdm
- CVE-2026-46356
Fleet: IP spoofing allows bypassing API rate limiting - CVE-2026-26191
Fleet vulnerable to OS command injection in software package - CVE-2026-24899
Fleet Windows MDM Azure AD JWT Authentication Bypass - CVE-2026-24000
Fleet has a rate limiting bypass via untrusted client IP hea - CVE-2026-23998
Fleet has a Windows MDM management endpoint authentication b
V. Comments for CVE-2026-26062
No comments yet