Fleet — Vulnerabilities & Security Advisories 24

All 24 CVE vulnerabilities found in Fleet, with AI-generated Chinese analysis, references, and POCs.

Vendor: Fleet

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-27806 | Fleet Affected by Local Privilege Escalation via Tcl Command Injection in Orbit | CWE-78 | 7.8 | High | 2026-04-08 |
| CVE-2026-34391 | Fleet Vulnerable to Windows MDM cross-device command disclosure | CWE-488 | 6.5 | - | 2026-03-27 |
| CVE-2026-34389 | Fleet's user account creation via invite does not enforce invited email address | CWE-287 | 8.8 | - | 2026-03-27 |
| CVE-2026-34388 | Fleet vulnerable to Denial of Service via unhandled gRPC log type in launcher endpoint | CWE-703 | 6.5 | - | 2026-03-27 |
| CVE-2026-34387 | Fleet vulnerable to OS command injection via crafted software package metadata in uninstall scripts | CWE-78 | 7.2 | - | 2026-03-27 |
| CVE-2026-34386 | Fleet vulnerable to SQL injection in MDM bootstrap package by authenticated team or global admin | CWE-89 | 6.5 | - | 2026-03-27 |
| CVE-2026-34385 | Fleet's Apple MDM profile delivery has second-order SQL injection that can compromise the database | CWE-89 | 8.8 | - | 2026-03-27 |
| CVE-2026-29180 | Fleet's team maintainer can transfer hosts from any team via missing source team authorization | CWE-862 | 9.1 | - | 2026-03-27 |
| CVE-2026-26061 | Fleet's unbounded request body read allows remote Denial of Service | CWE-770 | 7.5 | - | 2026-03-27 |
| CVE-2026-26060 | Fleet: Password reset tokens remain valid after password change for 24 hours | CWE-613 | 7.5 | - | 2026-03-27 |
| CVE-2026-27465 | Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users | CWE-201 | 4.3 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-25963 | Fleet: Authorization Bypass in certificate template batch deletion for team administrators | CWE-863 | 3.8 (AI) | Low (AI) | 2026-02-26 |
| CVE-2026-23999 | Fleet: Device lock PIN can be predicted if lock time is known | CWE-330 | 5.7 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-24004 | Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint | CWE-862 | 8.2 (AI) | High (AI) | 2026-02-26 |
| CVE-2026-26186 | Fleet has a SQL injection via backtick escape in ORDER BY parameter | CWE-89 | 8.1 (AI) | High (AI) | 2026-02-26 |
| CVE-2026-23518 | Fleet has a JWT signature bypass vulnerability in Azure AD MDM enrollment | CWE-347 | 9.4 (AI) | Critical (AI) | 2026-01-21 |
| CVE-2026-23517 | Fleet has an Access Control vulnerability in debug/pprof endpoints | CWE-862 | 6.5 (AI) | Medium (AI) | 2026-01-21 |
| CVE-2026-22808 | Fleet Windows MDM endpoint has a Cross-site Scripting vulnerability | CWE-79 | 8.8 (AI) | High (AI) | 2026-01-21 |
| CVE-2025-27509 | SAML authentication vulnerability due to improper SAML response validation | CWE-285 | 8.8 | - | 2025-03-06 |
| CVE-2022-24841 | Improper Authorization in github.com/fleetdm/fleet | CWE-284 | 6.5 | Medium | 2022-04-18 |
| CVE-2022-23600 | Limited ability to spoof SAML authentication with missing audience verification | CWE-287 | 5.3 | Medium | 2022-02-04 |
| CVE-2021-21296 | Denial-of-service in Fleet | CWE-400 | 2.7 | Low | 2021-02-10 |
| CVE-2020-26276 | SAML authentication vulnerability in Fleet | CWE-290 | 10.0 | Critical | 2020-12-17 |
| CVE-2019-1020009 | Fleet trust management issue vulnerability | - | 7.5 | - | 2019-07-29 |
