High severity 7.5 · NVD Advisory · Published Mar 27, 2026 · Updated Apr 2, 2026
CVE-2026-34388
Description
Fleet is open source device management software. Prior to 4.81.0, a denial-of-service vulnerability in Fleet's gRPC Launcher endpoint allows an authenticated host to crash the entire Fleet server process by sending an unexpected log type value. The server terminates immediately, disrupting all connected hosts, MDM enrollments, and API consumers. Version 4.81.0 patches the issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/fleetdm/fleet/v4 (Go) | < 4.81.0 | 4.81.0 |
Affected products
- ghsa-coords (2 versions): pkg:golang/github.com/fleetdm/fleet/v4, pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6; range: < 4.81.0 (+ 1 more)
- (no CPE) range: < 4.81.0
- (no CPE) range: < 0.0.20260402T184258-150000.1.158.1
References
- github.com/advisories/GHSA-w254-4hp5-7cvv (ghsa; ADVISORY)
- github.com/fleetdm/fleet/security/advisories/GHSA-w254-4hp5-7cvv (nvd; Vendor Advisory, WEB)
- nvd.nist.gov/vuln/detail/CVE-2026-34388 (ghsa; ADVISORY)