VYPR
Critical severity9.8NVD Advisory· Published Mar 27, 2026· Updated Apr 7, 2026

CVE-2026-34387

CVE-2026-34387

Description

Fleet is open source device management software. Prior to 4.81.1, a command injection vulnerability in Fleet's software installer pipeline allows an attacker to achieve arbitrary code execution as root (macOS/Linux) or SYSTEM (Windows) on managed hosts when an uninstall is triggered for a crafted software package. Version 4.81.1 patches the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Fleetdm/Fleet2 versions
    cpe:2.3:a:fleetdm:fleet:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:fleetdm:fleet:*:*:*:*:*:*:*:*range: <4.81.1
    • (no CPE)range: <4.81.1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.