CVE-2026-34391 in fleetdm fleet
Summary
Fleet is open source device management software. Prior to 4.81.1, a vulnerability in Fleet's Windows MDM command processing allows a malicious enrolled device to access MDM commands intended for other devices, potentially exposing sensitive configuration data such as WiFi credentials, VPN secrets, and certificate payloads across the entire Windows fleet. Version 4.81.1 patches the issue.
Responsible
GitHub_M
Reservation
03/27/2026
Disclosure
03/27/2026
Entries
| ID | Vulnerability | CWE | Base | Temp | 0day | Today | Exp | KEV | EPSS | CTI | Cou | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 354025 | fleetdm fleet wrong session | 488 | 5.3 | 5.1 | $0-$5k | $0-$5k | Not defined | 0.00024 | 0.00 | Official fix | CVE-2026-34391 |