cvedb.io
CVE-2026-34386
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2026-03-27T19:16:43.427 · Last modified 2026-06-17T10:38:59.463

Summary

Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet database, and inject arbitrary content into team configs via direct API calls. Version 4.81.0 patches the issue.

Affected products

fleetdm — fleet

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.