# github.com/fleetdm/fleet vulnerabilities
3 known vulnerabilities affecting github.com/fleetdm_fleet.
- Total CVEs: 3
- CISA KEV: 0
- Public exploits: 0
- Exploited in wild: 0
- Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 1
## Vulnerabilities
### CVE-2026-23518 [CRITICAL] CWE-347 Fleet has a JWT signature bypass vulnerability in Azure AD MDM enrollment
Priority: P2 | Affected versions: ≥ 4.78.0, < 4.78.3; ≥ 4.77.0, < 4.77.1; +3 more | Date: 2026-01-20
### Summary
A vulnerability in Fleet’s Windows MDM enrollment flow could allow an attacker to submit forged authentication tokens that are not properly validated. Because JWT signatures were not verified, Fleet could accept attacker-controlled identity claims, enabling enrollment of unauthorized devices under arbit
### CVE-2026-23517 [HIGH] CWE-862 Fleet has an Access Control vulnerability in debug/pprof endpoints
Priority: P3 | Affected versions: ≥ 4.78.0, < 4.78.3; ≥ 4.77.0, < 4.77.1; +2 more | Date: 2026-01-20
### Summary
A broken access control issue in Fleet allowed authenticated users to access debug and profiling endpoints regardless of role. As a result, low-privilege users could view internal server diagnostics and trigger resource-intensive profiling operations.
### Impact
Fleet’s debug/pprof endpoints are accessible to any authe
### CVE-2026-22808 [MEDIUM] CWE-79 Fleet Windows MDM endpoint has a Cross-site Scripting vulnerability
Priority: P3 | Affected versions: ≥ 4.78.0, < 4.78.2; ≥ 4.77.0, < 4.77.1; +2 more | Date: 2026-01-20
### Summary
A cross-site scripting (XSS) vulnerability in Fleet’s Windows MDM authentication flow could allow an attacker to compromise a Fleet user account. In certain cases, this could lead to administrative access and the ability to perform privileged actions on managed devices.
### Impact
If Windows MDM is enabled, an attac