Go modules package
github.com/fleetdm/fleet
pkg:golang/github.com/fleetdm/fleet
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-23518 | — | | | >= 4.78.0, < 4.78.3 | 4.78.3 | Jan 21, 2026 | Fleet is open source device management software. In versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, a vulnerability in Fleet's Windows MDM enrollment flow could allow an attacker to submit forged authentication tokens that are not properly validated. Because JWT sig |
| CVE-2026-23517 | — | | | >= 4.78.0, < 4.78.3 | 4.78.3 | Jan 21, 2026 | Fleet is open source device management software. A broken access control issue in versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3 allowed authenticated users to access debug and profiling endpoints regardless of role. As a result, low-privilege users could view inter |
| CVE-2026-22808 | — | | | >= 4.78.0, < 4.78.2 | 4.78.2 | Jan 21, 2026 | fleetdm/fleet is open source device management software. Prior to versions 4.78.2, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, if Windows MDM is enabled, an unauthenticated attacker can exploit this XSS vulnerability to steal a Fleet administrator's authentication token (FLEET::auth_toke |