fleetdm fleet
28 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-46356
< 4.80.1
Fleet is open source device management software. Prior to version 4.80.1, a vulnerability in Fleet's IP extraction logic allows un
7.5
HIGH
CVE-2026-26191
< 4.81.0
Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleet's software installer pipeline c
9.8
CRITICAL
CVE-2026-26062
< 4.81.0
Fleet is open source device management software. Prior to version 4.81.0, Fleet contained a denial-of-service (DoS) issue in the g
6.5
MEDIUM
CVE-2026-24000
< 4.80.1
Fleet is open source device management software. Prior to version 4.80.1, Fleet trusted client-supplied IP address headers when de
5.3
MEDIUM
CVE-2026-23998
< 4.81.0
Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleet’s Windows MDM management endp
7.5
HIGH
CVE-2026-27806
< 4.81.1
Fleet is open source device management software. Prior to 4.81.1, the Orbit agent's FileVault disk encryption key rotation flow on
7.8
HIGH
CVE-2026-34391
< 4.81.1
Fleet is open source device management software. Prior to 4.81.1, a vulnerability in Fleet's Windows MDM command processing allows
7.5
HIGH
CVE-2026-34389
< 4.81.1
Fleet is open source device management software. Prior to 4.81.0, Fleet contained an issue in the user invitation flow where the e
6.5
MEDIUM
CVE-2026-34388
< 4.81.0
Fleet is open source device management software. Prior to 4.81.0, a denial-of-service vulnerability in Fleet's gRPC Launcher endpo
7.5
HIGH
CVE-2026-34387
< 4.81.1
Fleet is open source device management software. Prior to 4.81.1, a command injection vulnerability in Fleet's software installer
9.8
CRITICAL
CVE-2026-34386
< 4.81.0
Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in Fleet's MDM bootstrap package c
8.8
HIGH
CVE-2026-34385
< 4.81.0
Fleet is open source device management software. Prior to 4.81.0, a second-order SQL injection vulnerability in Fleet's Apple MDM
8.1
HIGH
CVE-2026-29180
< 4.81.1
Fleet is open source device management software. Prior to 4.81.1, a broken access control vulnerability in Fleet's host transfer A
8.8
HIGH
CVE-2026-26061
< 4.81.0
Fleet is open source device management software. Prior to 4.81.0, Fleet contained multiple unauthenticated HTTP endpoints that rea
7.5
HIGH
CVE-2026-26060
< 4.81.0
Fleet is open source device management software. Prior to 4.81.0, a vulnerability in Fleet’s password management logic could all
8.8
HIGH
CVE-2026-27465
< 4.80.1
Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s configuration API could
6.5
MEDIUM
CVE-2026-25963
< 4.80.1
Fleet is open source device management software. In versions prior to 4.80.1, a broken authorization check in Fleet’s certificat
6.5
MEDIUM
CVE-2026-24004
< 4.80.1
Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s Android MDM Pub/Sub han
5.3
MEDIUM
CVE-2026-23999
< 4.80.1
Fleet is open source device management software. In versions prior to 4.80.1, Fleet generated device lock and wipe PINs using a pr
5.5
MEDIUM
CVE-2026-26186
< 4.80.1
Fleet is open source device management software. A SQL injection vulnerability in versions prior to 4.80.1 allowed authenticated u
8.8
HIGH
CVE-2026-23518
< 4.53.3
Fleet is open source device management software. In versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, a vulnerability
9.8
CRITICAL
CVE-2026-23517
< 4.53.3
Fleet is open source device management software. A broken access control issue in versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2
8.1
HIGH
CVE-2026-22808
< 4.53.3
fleetdm/fleet is open source device management software. Prior to versions 4.78.2, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, if Windows
5.4
MEDIUM
CVE-2022-24841
< 4.13
fleetdm/fleet is an open source device management, built on osquery. All versions of fleet making use of the teams feature are aff
6.5
MEDIUM
CVE-2022-23600
< 4.9.1
fleet is an open source device management, built on osquery. Versions prior to 4.9.1 expose a limited ability to spoof SAML authen
5.3
MEDIUM
CVE-2021-21296
< 3.7.0
Fleet is an open source osquery manager. In Fleet before version 3.7.0 a malicious actor with a valid node key can send a badly fo
2.7
LOW
CVE-2020-26276
< 3.5.1
Fleet is an open source osquery manager. In Fleet before version 3.5.1, due to issues in Go's standard library XML parsing, a vali
10.0
CRITICAL
CVE-2019-1020009
>= 2.0.2 and <= 2.1.1
Fleet before 2.1.2 allows exposure of SMTP credentials.
7.5
HIGH
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin