Vulnerabilities in fleetdm
29 resultsCVE-2026-23518CRITICALFleet has a JWT signature bypass vulnerability in Azure AD MDM enrollmentEPSS 0.2%CVE-2026-23998HIGHFleet has a Windows MDM management endpoint authentication bypassEPSS 0.2%CVE-2026-22808MEDIUMFleet Windows MDM endpoint has a Cross-site Scripting vulnerabilityEPSS 0.2%CVE-2026-34385MEDIUMFleet's Apple MDM profile delivery has second-order SQL injection that can compromise the databaseEPSS 0.2%CVE-2026-25963LOWFleet: Authorization Bypass in certificate template batch deletion for team administratorsEPSS 0.2%CVE-2026-34389MEDIUMFleet's user account creation via invite does not enforce invited email addressEPSS 0.2%CVE-2026-34391MEDIUMFleet Vulnerable to Windows MDM cross-device command disclosureEPSS 0.2%CVE-2026-23999LOWFleet: Device lock PIN can be predicted if lock time is knownEPSS 0.1%CVE-2026-27806HIGHFleet Affected by Local Privilege Escalation via Tcl Command Injection in OrbitEPSS 0.1%