fleetdm — Vulnerabilities & Security Advisories (23)

Browse all 23 CVE security advisories affecting fleetdm. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Fleet is an open-source endpoint management platform designed for IT teams to monitor and control macOS, Linux, and Windows devices. Its architecture facilitates remote command execution and software deployment, making it a critical infrastructure component for many organizations. Security audits have identified twenty-three Common Vulnerabilities and Exposures (CVEs) associated with the software, primarily stemming from its web-based interface and API. Historically, these flaws have included remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often linked to improper input validation or authentication bypasses. While no widespread, high-profile data breaches have been publicly attributed directly to Fleet, the presence of multiple critical severity issues highlights the risks inherent in managing such a central control tool. Administrators must prioritize regular patching and strict access controls to mitigate the potential impact of these known weaknesses on their broader network security posture.

Top products by fleetdm: fleet
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-27806 | Fleet Affected by Local Privilege Escalation via Tcl Command Injection in Orbit | fleet | CWE-78 | 7.8 | High | 2026-04-08 |
| CVE-2026-34391 | Fleet Vulnerable to Windows MDM cross-device command disclosure | fleet | CWE-488 | 6.5 | - | 2026-03-27 |
| CVE-2026-34389 | Fleet's user account creation via invite does not enforce invited email address | fleet | CWE-287 | 8.8 | - | 2026-03-27 |
| CVE-2026-34388 | Fleet vulnerable to Denial of Service via unhandled gRPC log type in launcher endpoint | fleet | CWE-703 | 6.5 | - | 2026-03-27 |
| CVE-2026-34387 | Fleet vulnerable to OS command injection via crafted software package metadata in uninstall scripts | fleet | CWE-78 | 7.2 | - | 2026-03-27 |
| CVE-2026-34386 | Fleet vulnerable to SQL injection in MDM bootstrap package by authenticated team or global admin | fleet | CWE-89 | 6.5 | - | 2026-03-27 |
| CVE-2026-34385 | Fleet's Apple MDM profile delivery has second-order SQL injection that can compromise the database | fleet | CWE-89 | 8.8 | - | 2026-03-27 |
| CVE-2026-29180 | Fleet's team maintainer can transfer hosts from any team via missing source team authorization | fleet | CWE-862 | 9.1 | - | 2026-03-27 |
| CVE-2026-26061 | Fleet's unbounded request body read allows remote Denial of Service | fleet | CWE-770 | 7.5 | - | 2026-03-27 |
| CVE-2026-26060 | Fleet: Password reset tokens remain valid after password change for 24 hours | fleet | CWE-613 | 7.5 | - | 2026-03-27 |
| CVE-2026-27465 | Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users | fleet | CWE-201 | 4.3 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-25963 | Fleet: Authorization Bypass in certificate template batch deletion for team administrators | fleet | CWE-863 | 3.8 (AI) | Low (AI) | 2026-02-26 |
| CVE-2026-23999 | Fleet: Device lock PIN can be predicted if lock time is known | fleet | CWE-330 | 5.7 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-24004 | Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint | fleet | CWE-862 | 8.2 (AI) | High (AI) | 2026-02-26 |
| CVE-2026-26186 | Fleet has a SQL injection via backtick escape in ORDER BY parameter | fleet | CWE-89 | 8.1 (AI) | High (AI) | 2026-02-26 |
| CVE-2026-23518 | Fleet has a JWT signature bypass vulnerability in Azure AD MDM enrollment | fleet | CWE-347 | 9.4 (AI) | Critical (AI) | 2026-01-21 |
| CVE-2026-23517 | Fleet has an Access Control vulnerability in debug/pprof endpoints | fleet | CWE-862 | 6.5 (AI) | Medium (AI) | 2026-01-21 |
| CVE-2026-22808 | Fleet Windows MDM endpoint has a Cross-site Scripting vulnerability | fleet | CWE-79 | 8.8 (AI) | High (AI) | 2026-01-21 |
| CVE-2025-27509 | SAML authentication vulnerability due to improper SAML response validation | fleet | CWE-285 | 8.8 | - | 2025-03-06 |
| CVE-2022-24841 | Improper Authorization in github.com/fleetdm/fleet | fleet | CWE-284 | 6.5 | Medium | 2022-04-18 |
| CVE-2022-23600 | Limited ability to spoof SAML authentication with missing audience verification | fleet | CWE-287 | 5.3 | Medium | 2022-02-04 |
| CVE-2021-21296 | Denial-of-service in Fleet | fleet | CWE-400 | 2.7 | Low | 2021-02-10 |
| CVE-2020-26276 | SAML authentication vulnerability in Fleet | fleet | CWE-290 | 10.0 | Critical | 2020-12-17 |

Scores and severities marked (AI) carry the source page's AI flag rather than a published rating; a "-" severity means none was listed.

This page lists every published CVE security advisory associated with fleetdm. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.