PT-2026-28629 · Fleet · Fleet

Fuzzztf

Publicado

2026-03-27

Atualizado

2026-04-07

CVE-2026-34388

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.81.0

Description Fleet, an open-source device management software, contains a flaw in its gRPC Launcher endpoint. An authenticated host can exploit this to cause a denial-of-service condition, leading to the termination of the entire Fleet server process. This disruption impacts all connected hosts, Mobile Device Management (MDM) enrollments, and API consumers by sending an unexpected log type value to the gRPC Launcher endpoint.

Recommendations Update to version 4.81.0 or later.

Exploit

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-703

Identificadores relacionados

CVE-2026-34388

GHSA-W254-4HP5-7CVV

GO-2026-4915

SUSE-SU-2026:1205-1

Produtos afetados

Fleet

PT-2026-28629 · Fleet · Fleet

CVE-2026-34388

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 45