PT-2026-28626 · Fleet · Fleet

Prateek-0490 · Published 2026-03-27 · Updated 2026-04-07 · CVE-2026-34385

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Fleet versions prior to 4.81.0

Description

Fleet is open source device management software susceptible to a second-order SQL injection in its Apple MDM profile delivery pipeline. An attacker possessing a valid MDM enrollment certificate could potentially exfiltrate or modify the Fleet database contents. This includes sensitive information such as user credentials, API tokens, and device enrollment secrets.

Recommendations

Update to version 4.81.0 or later.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2026-34385
GHSA-V895-833R-8C45
GO-2026-4914
SUSE-SU-2026:1205-1

Affected Products

Fleet