fleetdm

Top products

The 15 most recently published vulnerabilities affecting fleetdm.

• CVE-2026-46356Fleet: IP spoofing allows bypassing API rate limiting7.5May 14, 2026
• CVE-2026-26191Fleet vulnerable to OS command injection in software packages9.8May 14, 2026
• CVE-2026-26062Fleet server may terminate unexpectedly when handling certain gRPC requests6.5May 14, 2026
• CVE-2026-24899Fleet Windows MDM Azure AD JWT Authentication Bypass7.5May 14, 2026
• CVE-2026-24000Fleet has a rate limiting bypass via untrusted client IP headers5.3May 14, 2026
• CVE-2026-23998Fleet has a Windows MDM management endpoint authentication bypass7.5May 14, 2026
• CVE-2026-27806Fleet Affected by Local Privilege Escalation via Tcl Command Injection in Orbit7.8Apr 8, 2026
• CVE-2026-34391Fleet Vulnerable to Windows MDM cross-device command disclosure7.5Mar 27, 2026
• CVE-2026-34389Fleet's user account creation via invite does not enforce invited email address6.5Mar 27, 2026
• CVE-2026-34388Fleet vulnerable to Denial of Service via unhandled gRPC log type in launcher endpoint7.5Mar 27, 2026
• CVE-2026-34387Fleet vulnerable to OS command injection via crafted software package metadata in uninstall scripts9.8Mar 27, 2026
• CVE-2026-34386Fleet vulnerable to SQL injection in MDM bootstrap package by authenticated team or global admin8.8Mar 27, 2026
• CVE-2026-34385Fleet's Apple MDM profile delivery has second-order SQL injection that can compromise the database8.1Mar 27, 2026
• CVE-2026-29180Fleet's team maintainer can transfer hosts from any team via missing source team authorization8.8Mar 27, 2026
• CVE-2026-26061Fleet's unbounded request body read allows remote Denial of Service7.5Mar 27, 2026