VYPR

Go modules package

github.com/fleetdm/fleet

pkg:golang/github.com/fleetdm/fleet

Vulnerabilities (3)

  • CVE-2026-23518Jan 21, 2026
    affected >= 4.78.0, < 4.78.3fixed 4.78.3

    Fleet is open source device management software. In versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, a vulnerability in Fleet's Windows MDM enrollment flow could allow an attacker to submit forged authentication tokens that are not properly validated. Because JWT sig

  • CVE-2026-23517Jan 21, 2026
    affected >= 4.78.0, < 4.78.3fixed 4.78.3

    Fleet is open source device management software. A broken access control issue in versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3 allowed authenticated users to access debug and profiling endpoints regardless of role. As a result, low-privilege users could view inter

  • CVE-2026-22808Jan 21, 2026
    affected >= 4.78.0, < 4.78.2fixed 4.78.2

    fleetdm/fleet is open source device management software. Prior to versions 4.78.2, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, if Windows MDM is enabled, an unauthenticated attacker can exploit this XSS vulnerability to steal a Fleet administrator's authentication token (FLEET::auth_toke