CVE-2026-34391 | THREATINT

Description

Fleet is open source device management software. Prior to 4.81.1, a vulnerability in Fleet's Windows MDM command processing allows a malicious enrolled device to access MDM commands intended for other devices, potentially exposing sensitive configuration data such as WiFi credentials, VPN secrets, and certificate payloads across the entire Windows fleet. Version 4.81.1 patches the issue.

PUBLISHED Reserved 2026-03-27 | Published 2026-03-27 | Updated 2026-03-27 | Assigner GitHub_M

MEDIUM: 6.6CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

Problem types

CWE-488: Exposure of Data Element to Wrong Session

Product status

< 4.81.1

affected

References

github.com/.../fleet/security/advisories/GHSA-wg7j-pcc3-h4rh

cve.org (CVE-2026-34391)

nvd.nist.gov (CVE-2026-34391)

Download JSON