PT-2026-28629 · Fleet · Fleet
Fuzzztf
·
Published
2026-03-27
·
Updated
2026-04-07
·
CVE-2026-34388
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Fleet versions prior to 4.81.0
Description
Fleet, an open-source device management software, contains a flaw in its gRPC Launcher endpoint. An authenticated host can exploit this to cause a denial-of-service condition, leading to the termination of the entire Fleet server process. This disruption impacts all connected hosts, Mobile Device Management (MDM) enrollments, and API consumers by sending an unexpected log type value to the
gRPC Launcher endpoint.Recommendations
Update to version 4.81.0 or later.
Exploit
Fix
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Fleet