CVE-2026-34385
Published: Mar 27, 2026
Modified: Mar 31, 2026
PUBLISHED
Description
Fleet is open source device management software. Prior to 4.81.0, a second-order SQL injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an attacker with a valid MDM enrollment certificate to exfiltrate or modify the contents of the Fleet database, including user credentials, API tokens, and device enrollment secrets. Version 4.81.0 patches the issue.
| Vendor | Product | Versions |
|---|---|---|
| fleetdm | fleet | affected < 4.81.0 |
Weaknesses (CWE)
References
https://github.com/fleetdm/fleet/security/advisories/GHSA-v895-833r-8c45
x_refsource_CONFIRM