
github.com/fleetdm_fleet vulnerabilities

3 known vulnerabilities affecting github.com/fleetdm_fleet.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 1

Vulnerabilities

CVE-2026-23518 | P2 | CRITICAL | CWE-347 | 2026-01-20
Affected: ≥ 4.78.0, < 4.78.3; ≥ 4.77.0, < 4.77.1; +3 more
Fleet has a JWT signature bypass vulnerability in Azure AD MDM enrollment
Summary: A vulnerability in Fleet’s Windows MDM enrollment flow could allow an attacker to submit forged authentication tokens that are not properly validated. Because JWT signatures were not verified, Fleet could accept attacker-controlled identity claims, enabling enrollment of unauthorized devices under arbit
Sources: GHSA, OSV

CVE-2026-23517 | P3 | HIGH | CWE-862 | 2026-01-20
Affected: ≥ 4.78.0, < 4.78.3; ≥ 4.77.0, < 4.77.1; +2 more
Fleet has an Access Control vulnerability in debug/pprof endpoints
Summary: A broken access control issue in Fleet allowed authenticated users to access debug and profiling endpoints regardless of role. As a result, low-privilege users could view internal server diagnostics and trigger resource-intensive profiling operations.
Impact: Fleet’s debug/pprof endpoints are accessible to any authe
Sources: GHSA, OSV

CVE-2026-22808 | P3 | MEDIUM | CWE-79 | 2026-01-20
Affected: ≥ 4.78.0, < 4.78.2; ≥ 4.77.0, < 4.77.1; +2 more
Fleet Windows MDM endpoint has a Cross-site Scripting vulnerability
Summary: A cross-site scripting (XSS) vulnerability in Fleet’s Windows MDM authentication flow could allow an attacker to compromise a Fleet user account. In certain cases, this could lead to administrative access and the ability to perform privileged actions on managed devices.
Impact: If Windows MDM is enabled, an attac
Sources: GHSA, OSV