SQL Injection in Fleetdm Fleet

CVE-2026-34386

Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team…

Vulnerability class: SQL Injection

EPSS: 0.000 (3.7th percentile) — read the EPSS interpretation.

Affected products

Fleetdm Fleet — versions < 4.81.0

Weakness classification (CWE)

CWE-89 — SQL Injection

References

https://github.com/fleetdm/fleet/security/advisories/GHSA-9p23-p2m4-2r4m (x_refsource_CONFIRM)