github.com/fleetdm/fleet/v4 (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/fleetdm/fleet/v4, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (25)
CVE-2020-26276 — CVSS 10.0 (critical): Fleet is an open source osquery manager. In Fleet before version 3.5.1, due to issues in Go's standard library XML parsing, a valid SAML…
CVE-2026-23518 — CVSS 9.8 (critical): Fleet is open source device management software. In versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, a vulnerability in…
CVE-2026-26191 — CVSS 9.8 (critical): Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleet's software installer pipeline could…
CVE-2025-27509: fleetdm/fleet is an open source device management, built on osquery. In vulnerable versions of Fleet, an attacker could craft a…
CVE-2026-26060 — CVSS 8.8 (high): Fleet is open source device management software. Prior to 4.81.0, a vulnerability in Fleet’s password management logic could allow…
CVE-2026-26186 — CVSS 8.8 (high): Fleet is open source device management software. A SQL injection vulnerability in versions prior to 4.80.1 allowed authenticated users to…
CVE-2026-29180 — CVSS 8.8 (high): Fleet is open source device management software. Prior to 4.81.1, a broken access control vulnerability in Fleet's host transfer API allows…
CVE-2026-34386 — CVSS 8.8 (high): Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in Fleet's MDM bootstrap package…
CVE-2026-34385 — CVSS 8.1 (high): Fleet is open source device management software. Prior to 4.81.0, a second-order SQL injection vulnerability in Fleet's Apple MDM profile…
CVE-2026-23517 — CVSS 8.1 (high): Fleet is open source device management software. A broken access control issue in versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and…
CVE-2026-27806 — CVSS 7.8 (high): Fleet is open source device management software. Prior to 4.81.1, the Orbit agent's FileVault disk encryption key rotation flow on collects…
CVE-2026-46356 — CVSS 7.5 (high): Fleet is open source device management software. Prior to version 4.80.1, a vulnerability in Fleet's IP extraction logic allows…
CVE-2026-23998 — CVSS 7.5 (high): Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleet’s Windows MDM management endpoint…
CVE-2026-26061 — CVSS 7.5 (high): Fleet is open source device management software. Prior to 4.81.0, Fleet contained multiple unauthenticated HTTP endpoints that read request…
CVE-2026-34388 — CVSS 7.5 (high): Fleet is open source device management software. Prior to 4.81.0, a denial-of-service vulnerability in Fleet's gRPC Launcher endpoint…
CVE-2026-24899 — CVSS 7.5 (high): Fleet is open source device management software. Prior to version 4.82.0, a vulnerability in Fleet's Windows MDM enrollment flow allows…
CVE-2026-27465 — CVSS 6.5 (medium): Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s configuration API could expose…
CVE-2026-34389 — CVSS 6.5 (medium): Fleet is open source device management software. Prior to 4.81.0, Fleet contained an issue in the user invitation flow where the email…
CVE-2026-26062 — CVSS 6.5 (medium): Fleet is open source device management software. Prior to version 4.81.0, Fleet contained a denial-of-service (DoS) issue in the gRPC…
CVE-2026-25963 — CVSS 6.5 (medium): Fleet is open source device management software. In versions prior to 4.80.1, a broken authorization check in Fleet’s certificate…
CVE-2026-23999 — CVSS 5.5 (medium): Fleet is open source device management software. In versions prior to 4.80.1, Fleet generated device lock and wipe PINs using a predictable…
CVE-2026-22808 — CVSS 5.4 (medium): fleetdm/fleet is open source device management software. Prior to versions 4.78.2, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, if Windows MDM is…
CVE-2022-23600 — CVSS 5.3 (medium): fleet is an open source device management, built on osquery. Versions prior to 4.9.1 expose a limited ability to spoof SAML authentication…
CVE-2026-24004 — CVSS 5.3 (medium): Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s Android MDM Pub/Sub handling…
CVE-2026-24000 — CVSS 5.3 (medium): Fleet is open source device management software. Prior to version 4.80.1, Fleet trusted client-supplied IP address headers when determining…