Vulnerability in Fleetdm Fleet

CVE-2026-26060

Fleet is open source device management software. Prior to 4.81.0, a vulnerability in Fleet’s password management logic could allow previously issued password reset tokens to remain valid after a user changes their password. As a result, a…

EPSS: 0.000 (6.6th percentile) — read the EPSS interpretation.

Affected products

Fleetdm Fleet — versions < 4.81.0

Weakness classification (CWE)

CWE-613 — Insufficient Session Expiration

References

https://github.com/fleetdm/fleet/security/advisories/GHSA-3458-r943-hmx4 (x_refsource_CONFIRM)