PT-2026-22115 · Fleet · Fleet

Secfox-Ai · Published 2026-02-26 · Updated 2026-03-25 · CVE-2026-24004

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Fleet versions prior to 4.80.1

Description

Fleet is open source device management software. A flaw in the Android MDM Pub/Sub handling could allow unauthenticated requests to trigger device unenrollment events. This may result in unauthorized removal of individual Android devices from Fleet management. An attacker could send a crafted request to the Android Pub/Sub endpoint to unenroll a targeted Android device from Fleet without authentication. The impact is limited to disruption of Android device management for the affected device.

Recommendations

Versions prior to 4.80.1 should be upgraded to version 4.80.1. As a temporary workaround, consider disabling Android MDM if an immediate upgrade is not possible.

Exploit

Fix

Missing Authentication

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2026-24004
GHSA-9PM7-6G36-6J78
GO-2026-4563
SUSE-SU-2026:1042-1

Affected Products

Fleet