Resource exhaustion in Fleetdm Fleet

CVE-2026-26061

Fleet is open source device management software. Prior to 4.81.0, Fleet contained multiple unauthenticated HTTP endpoints that read request bodies without enforcing a size limit. An unauthenticated attacker could exploit this behavior by s…

EPSS: 0.000 (6.7th percentile) — read the EPSS interpretation.

Affected products

Fleetdm Fleet — versions < 4.81.0

Weakness classification (CWE)

CWE-770 — Allocation of Resources Without Limits or Throttling

References

https://github.com/fleetdm/fleet/security/advisories/GHSA-99hj-44vg-hfcp (x_refsource_CONFIRM)