High severity7.5NVD Advisory· Published Mar 27, 2026· Updated Apr 2, 2026
CVE-2026-34388
CVE-2026-34388
Description
Fleet is open source device management software. Prior to 4.81.0, a denial-of-service vulnerability in Fleet's gRPC Launcher endpoint allows an authenticated host to crash the entire Fleet server process by sending an unexpected log type value. The server terminates immediately, disrupting all connected hosts, MDM enrollments, and API consumers. Version 4.81.0 patches the issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/fleetdm/fleet/v4Go | < 4.81.0 | 4.81.0 |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- github.com/advisories/GHSA-w254-4hp5-7cvvghsaADVISORY
- github.com/fleetdm/fleet/security/advisories/GHSA-w254-4hp5-7cvvnvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2026-34388ghsaADVISORY
News mentions
0No linked articles in our index yet.