PT-2026-3748 · Fleetdm · Fleet Mdm

Prateek-0490 · Published 2026-01-20 · Updated 2026-02-18 · CVE-2026-22808

CVSS v4.0: 5.5 (Medium)
Vector: AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions

Fleet versions prior to 4.78.2
Fleet versions 4.53.3 through 4.77.1
Fleet versions 4.75.2
Fleet versions 4.76.2
Description

Fleet, an open-source device management software, contains a cross-site scripting (XSS) flaw in its Windows MDM authentication flow. An unauthenticated attacker can exploit this issue by crafting a malicious link and tricking a Fleet user into clicking it. Successful exploitation allows the attacker to steal the user's authentication token (the FLEET::auth token) from the browser's localStorage. This could grant unauthorized access to Fleet, including administrative privileges, visibility into device data, and the ability to modify configurations. In some cases, an attacker could deploy scripts to managed devices. Fleet manages millions of endpoints in enterprise environments. The vulnerability is present when Windows MDM is enabled.
Recommendations

Upgrade to Fleet version 4.78.2 or later.
Upgrade to Fleet version 4.77.1.
Upgrade to Fleet version 4.76.2.
Upgrade to Fleet version 4.75.2.
If an immediate upgrade is not possible, temporarily disable Windows MDM.
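An added triage helper (example code, not Fleet's own) that encodes the advisory's two conditions: the broadest affected range it lists (versions prior to 4.78.2) and the precondition that Windows MDM is enabled. It assumes the operator supplies the server's version string and the Windows MDM setting from the Fleet configuration; the inventory in the block is constructed.

```python
"""Triage helper for CVE-2026-22808 (added example, not Fleet's code).

Inputs are assumed to come from the operator: the Fleet server's version
string and whether Windows MDM is enabled in the Fleet configuration.
"""
import re
from dataclasses import dataclass

# Advisory: Fleet versions prior to 4.78.2 are affected.
FIXED_IN = (4, 78, 2)


def parse_version(text: str) -> tuple:
    """Parse 'v4.77.1', '4.77.1' or '4.77.1-1' into a comparable (major, minor, patch).

    Raises ValueError for strings that do not look like a Fleet release.
    """
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Fleet version string: {text!r}")
    return tuple(int(x) for x in m.groups())


@dataclass
class Triage:
    version: str
    vulnerable_build: bool   # build falls in the affected range
    exposed: bool            # vulnerable build AND Windows MDM enabled
    action: str


def triage(version: str, windows_mdm_enabled: bool) -> Triage:
    """Apply the advisory's conditions and map them to the recommended action."""
    vulnerable_build = parse_version(version) < FIXED_IN
    exposed = vulnerable_build and windows_mdm_enabled
    if not vulnerable_build:
        action = "none: build is 4.78.2 or later"
    elif exposed:
        action = ("upgrade to Fleet 4.78.2 or later; if an immediate upgrade "
                  "is not possible, temporarily disable Windows MDM")
    else:
        action = "upgrade to Fleet 4.78.2 or later before enabling Windows MDM"
    return Triage(version, vulnerable_build, exposed, action)


if __name__ == "__main__":
    # Constructed sample inventory: (version string, Windows MDM enabled)
    for v, mdm in [("4.77.1", True), ("v4.78.2", True), ("4.53.3", False)]:
        t = triage(v, mdm)
        print(f"{t.version:>8} mdm={mdm!s:5} exposed={t.exposed!s:5} -> {t.action}")
```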

Tags: Exploit · Fix · XSS


Related Identifiers

CVE-2026-22808
GHSA-GFPW-JGVR-CW4J
GO-2026-4336
SUSE-SU-2026:0403-1

Affected Products

Fleet Mdm
Windows Mdm