Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

fleetdm — Vulnerabilities & Security Advisories 23

Browse all 23 CVE security advisories affecting fleetdm. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Fleet is an open-source endpoint management platform designed for IT teams to monitor and control macOS, Linux, and Windows devices. Its architecture facilitates remote command execution and software deployment, making it a critical infrastructure component for many organizations. Security audits have identified twenty-three Common Vulnerabilities and Exposures (CVEs) associated with the software, primarily stemming from its web-based interface and API. Historically, these flaws have included remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often linked to improper input validation or authentication bypasses. While no widespread, high-profile data breaches have been publicly attributed directly to Fleet, the presence of multiple critical severity issues highlights the risks inherent in managing such a central control tool. Administrators must prioritize regular patching and strict access controls to mitigate the potential impact of these known weaknesses on their broader network security posture.

Found 23 results / 23Clear Filters
Top products by fleetdm: fleet
CVE IDTitleCVSSSeverityPublished
CVE-2026-27806 Fleet Affected by Local Privilege Escalation via Tcl Command Injection in Orbit — fleetCWE-78 7.8 High2026-04-08
CVE-2026-34391 Fleet Vulnerable to Windows MDM cross-device command disclosure — fleetCWE-488 6.5 -2026-03-27
CVE-2026-34389 Fleet's user account creation via invite does not enforce invited email address — fleetCWE-287 8.8 -2026-03-27
CVE-2026-34388 Fleet vulnerable to Denial of Service via unhandled gRPC log type in launcher endpoint — fleetCWE-703 6.5 -2026-03-27
CVE-2026-34387 Fleet vulnerable to OS command injection via crafted software package metadata in uninstall scripts — fleetCWE-78 7.2 -2026-03-27
CVE-2026-34386 Fleet vulnerable to SQL injection in MDM bootstrap package by authenticated team or global admin — fleetCWE-89 6.5 -2026-03-27
CVE-2026-34385 Fleet's Apple MDM profile delivery has second-order SQL injection that can compromise the database — fleetCWE-89 8.8 -2026-03-27
CVE-2026-29180 Fleet's team maintainer can transfer hosts from any team via missing source team authorization — fleetCWE-862 9.1 -2026-03-27
CVE-2026-26061 Fleet's unbounded request body read allows remote Denial of Service — fleetCWE-770 7.5 -2026-03-27
CVE-2026-26060 Fleet: Password reset tokens remain valid after password change for 24 hours — fleetCWE-613 7.5 -2026-03-27
CVE-2026-27465 Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users — fleetCWE-201 4.3AIMediumAI2026-02-26
CVE-2026-25963 Fleet: Authorization Bypass in certificate template batch deletion for team administrators — fleetCWE-863 3.8AILowAI2026-02-26
CVE-2026-23999 Fleet: Device lock PIN can be predicted if lock time is known — fleetCWE-330 5.7AIMediumAI2026-02-26
CVE-2026-24004 Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint — fleetCWE-862 8.2AIHighAI2026-02-26
CVE-2026-26186 Fleet has a SQL injection via backtick escape in ORDER BY parameter — fleetCWE-89 8.1AIHighAI2026-02-26
CVE-2026-23518 Fleet has a JWT signature bypass vulnerability in Azure AD MDM enrollment — fleetCWE-347 9.4AICriticalAI2026-01-21
CVE-2026-23517 Fleet has an Access Control vulnerability in debug/pprof endpoints — fleetCWE-862 6.5AIMediumAI2026-01-21
CVE-2026-22808 Fleet Windows MDM endpoint has a Cross-site Scripting vulnerability — fleetCWE-79 8.8AIHighAI2026-01-21
CVE-2025-27509 SAML authentication vulnerability due to improper SAML response validation — fleetCWE-285 8.8 -2025-03-06
CVE-2022-24841 Improper Authorization in github.com/fleetdm/fleet — fleetCWE-284 6.5 Medium2022-04-18
CVE-2022-23600 Limited ability to spoof SAML authentication with missing audience verification — fleetCWE-287 5.3 Medium2022-02-04
CVE-2021-21296 Denial-of-service in Fleet — fleetCWE-400 2.7 Low2021-02-10
CVE-2020-26276 SAML authentication vulnerability in Fleet — fleetCWE-290 10.0 Critical2020-12-17

This page lists every published CVE security advisory associated with fleetdm. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.