CVE-2026-34385 in fleetИнформация

Сводка

по MITRE • 27.03.2026

Fleet is open source device management software. Prior to 4.81.0, a second-order SQL injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an attacker with a valid MDM enrollment certificate to exfiltrate or modify the contents of the Fleet database, including user credentials, API tokens, and device enrollment secrets. Version 4.81.0 patches the issue.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Ответственный

GitHub M

Резервировать

27.03.2026

Раскрытие

27.03.2026

Модерация

принято

Вход

VDB-353971

EPSS

0.00197

KEV

Нет

Деятельности

Очень низкий

Источники

Do you know our Splunk app?

Download it now for free!