PT-2026-29935 — Github.Com/Fleetdm/Fleet/V4

PT-2026-29935 · Go · Github.Com/Fleetdm/Fleet/V4

Published

2026-04-02

Updated

2026-04-02

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Fleet: Password reset tokens remain valid after password change for 24 hours in github.com/fleetdm/fleet.

NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.

(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)

The additional affected modules and versions are: github.com/fleetdm/fleet/v4 before v4.43.5-0.20260113202849-bbc1aef2987d.

Found an issue in the description? Have something to add? Feel free to write us 👾

Related Identifiers

GO-2026-4888

Github.Com/Fleetdm/Fleet/V4