Fleetdm Fleet
29 CVEs affecting Fleetdm Fleet. Latest disclosed: 2026-05-14. Critical: 2, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-26276 | Critical | 10.0 | 2020-12-17 | Fleet is an open source osquery manager. In Fleet before version 3.5.1, due to issues in Go's standard library XML parsing, a valid SAML response may be mutate… |
| CVE-2026-26191 | Critical | 9.8 | 2026-05-14 | Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleet's software installer pipeline could allow a crafted software… |
| CVE-2026-27806 | High | 7.8 | 2026-04-08 | Fleet is open source device management software. Prior to 4.81.1, the Orbit agent's FileVault disk encryption key rotation flow on collects a local user's pass… |
| CVE-2026-46356 | High | 7.5 | 2026-05-14 | Fleet is open source device management software. Prior to version 4.80.1, a vulnerability in Fleet's IP extraction logic allows unauthenticated attackers to by… |
| CVE-2026-24899 | High | 7.5 | 2026-05-14 | Fleet is open source device management software. Prior to version 4.82.0, a vulnerability in Fleet's Windows MDM enrollment flow allows authentication tokens f… |
| CVE-2026-23998 | High | 7.5 | 2026-05-14 | Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleet’s Windows MDM management endpoint could allow requests to be… |
| CVE-2026-26062 | Medium | 6.5 | 2026-05-14 | Fleet is open source device management software. Prior to version 4.81.0, Fleet contained a denial-of-service (DoS) issue in the gRPC Launcher `PublishLogs` en… |
| CVE-2022-24841 | Medium | 6.5 | 2022-04-18 | fleetdm/fleet is an open source device management, built on osquery. All versions of fleet making use of the teams feature are affected by this authorization b… |
| CVE-2026-24000 | Medium | 5.3 | 2026-05-14 | Fleet is open source device management software. Prior to version 4.80.1, Fleet trusted client-supplied IP address headers when determining the source IP for i… |
| CVE-2022-23600 | Medium | 5.3 | 2022-02-04 | fleet is an open source device management, built on osquery. Versions prior to 4.9.1 expose a limited ability to spoof SAML authentication with missing audienc… |
| CVE-2021-21296 | Low | 2.7 | 2021-02-10 | Fleet is an open source osquery manager. In Fleet before version 3.7.0 a malicious actor with a valid node key can send a badly formatted request that causes t… |
| CVE-2026-34391 | | | 2026-03-27 | Fleet is open source device management software. Prior to 4.81.1, a vulnerability in Fleet's Windows MDM command processing allows a malicious enrolled device… |
| CVE-2026-34389 | | | 2026-03-27 | Fleet is open source device management software. Prior to 4.81.0, Fleet contained an issue in the user invitation flow where the email address provided during… |
| CVE-2026-34388 | | | 2026-03-27 | Fleet is open source device management software. Prior to 4.81.0, a denial-of-service vulnerability in Fleet's gRPC Launcher endpoint allows an authenticated h… |
| CVE-2026-34387 | | | 2026-03-27 | Fleet is open source device management software. Prior to 4.81.1, a command injection vulnerability in Fleet's software installer pipeline allows an attacker t… |
| CVE-2026-34386 | | | 2026-03-27 | Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in Fleet's MDM bootstrap package configuration allows an authen… |
| CVE-2026-34385 | | | 2026-03-27 | Fleet is open source device management software. Prior to 4.81.0, a second-order SQL injection vulnerability in Fleet's Apple MDM profile delivery pipeline cou… |
| CVE-2026-29180 | | | 2026-03-27 | Fleet is open source device management software. Prior to 4.81.1, a broken access control vulnerability in Fleet's host transfer API allows a team maintainer t… |
| CVE-2026-26061 | | | 2026-03-27 | Fleet is open source device management software. Prior to 4.81.0, Fleet contained multiple unauthenticated HTTP endpoints that read request bodies without enfo… |
| CVE-2026-26060 | | | 2026-03-27 | Fleet is open source device management software. Prior to 4.81.0, a vulnerability in Fleet’s password management logic could allow previously issued password r… |