CVE-2026-34387

Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.81.1

Description Fleet is open source device management software susceptible to a command injection issue within its software installer pipeline. This allows an attacker to execute arbitrary code as root (macOS/Linux) or SYSTEM (Windows) on managed hosts when an uninstall is triggered for a specifically crafted software package. The issue resides in the uninstall scripts processing crafted software package metadata.

Recommendations Update to version 4.81.1 or later.