CVE-2026-29180 in fleet정보

요약 (영어)

Fleet is open source device management software. Prior to 4.81.1, a broken access control vulnerability in Fleet's host transfer API allows a team maintainer to transfer hosts from any team into their own team, bypassing team isolation boundaries. Once transferred, the attacker gains full control over the stolen hosts, including the ability to execute scripts with root privileges. Version 4.81.1 patches the issue.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

책임이 있는

GitHub_M

예약하다

2026. 03. 04.

공개

2026. 03. 27.

상태

확인됨

엔트리

VulDB provides additional information and datapoints for this CVE:

아이디취약성CWE악용 대책CVE
354003fleetdm fleet Device Management 권한 상승862정의되지 않음공식 수정CVE-2026-29180

설명

CPE

CWE

CVSS

익스플로잇

역사

차이

연결하다

위협 인텔리전스

API JSON

API XML

API CSV

출처

이전개요다음

Do you want to use VulDB in your project?

Use the official API to access entries easily!