PT-2026-29936 — Github.Com/Fleetdm/Fleet/V4

PT-2026-29936 · Go · Github.Com/Fleetdm/Fleet/V4

Published

2026-04-02

Updated

2026-04-02

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Fleet's unbounded request body read allows remote Denial of Service in github.com/fleetdm/fleet.

NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.

(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)

The additional affected modules and versions are: github.com/fleetdm/fleet/v4 before v4.43.5-0.20260113202849-bbc1aef2987d.

Found an issue in the description? Have something to add? Feel free to write us 👾

Related Identifiers

GO-2026-4889

Github.Com/Fleetdm/Fleet/V4