CVE-2026-34388 | THREATINT

Description

Fleet is open source device management software. Prior to 4.81.0, a denial-of-service vulnerability in Fleet's gRPC Launcher endpoint allows an authenticated host to crash the entire Fleet server process by sending an unexpected log type value. The server terminates immediately, disrupting all connected hosts, MDM enrollments, and API consumers. Version 4.81.0 patches the issue.

PUBLISHED Reserved 2026-03-27 | Published 2026-03-27 | Updated 2026-03-31 | Assigner GitHub_M

MEDIUM: 6.6CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

Problem types

CWE-703: Improper Check or Handling of Exceptional Conditions

Product status

< 4.81.0

affected

References

github.com/.../fleet/security/advisories/GHSA-w254-4hp5-7cvv

cve.org (CVE-2026-34388)

nvd.nist.gov (CVE-2026-34388)

Download JSON