CVE-2026-24004
Published: 2026-02-26
Priority: P3 · 35 · medium · 5.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.26% (17.5th percentile)
Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s Android MDM Pub/Sub handling could allow unauthenticated requests to trigger device unenrollment events. This may result in unauthorized removal of individual Android devices from Fleet management. If Android MDM is enabled, an attacker could send a crafted request to the Android Pub/Sub endpoint to unenroll a targeted Android device from Fleet without authentication. This issue does not grant access to Fleet, allow execution of commands, or provide visibility into device data. Impact is limited to disruption of Android device management for the affected device. Version 4.80.1 fixes the issue. If an immediate upgrade is not possible, affected Fleet users should temporarily disable Android MDM.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fleetdm | fleet | < 4.80.1 | 4.80.1 |
| github.com | fleetdm_fleet_v4 | >= 0 < 4.80.1 | 4.80.1 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| nvd | 4.0 | 1.7 | LOW | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
OSV
Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint in github.com/fleetdm/fleet
osv·2026-02-27
CVE-2026-24004 Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint in github.com/fleetdm/fleet
GHSA
Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint
ghsa·2026-02-26
CVE-2026-24004 [MEDIUM] CWE-306 Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint
### Summary
A vulnerability in Fleet’s Android MDM Pub/Sub handling could allow unauthenticated requests to trigger device unenrollment events. This may result in unauthorized removal of individual Android devices from Fleet management.
### Impact
If Android MDM is enabled, an attacker could send a crafted request to the Android Pub/Sub endpoint to unenroll a targeted Android device from Fleet without authentication.
This issue does not grant access to Fleet, allow execution of commands, or provide visibility into device data. Impact is limited to disruption of Android device management for the affected device.
### Workarounds
If an immediate upgrade is not possible, affected Fleet users should te
OSV
Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint
osv·2026-02-26
CVE-2026-24004 [MEDIUM] Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint
No detection rules found.
No public exploits indexed.
2026-02-26
Published