Summaryinfo

A vulnerability described as problematic has been identified in fleetdm fleet up to 4.80.x. Affected by this vulnerability is an unknown functionality of the component HTTP Endpoint. Such manipulation leads to allocation of resources. This vulnerability is uniquely identified as CVE-2026-26061. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.

Detailsinfo

A vulnerability was found in fleetdm fleet up to 4.80.x and classified as problematic. Affected by this issue is an unknown code block of the component HTTP Endpoint. The manipulation with an unknown input leads to a allocation of resources vulnerability. Using CWE to declare the problem leads to CWE-770. The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor. Impacted is availability. CVE summarizes:

Fleet is open source device management software. Prior to 4.81.0, Fleet contained multiple unauthenticated HTTP endpoints that read request bodies without enforcing a size limit. An unauthenticated attacker could exploit this behavior by sending large or repeated HTTP payloads, causing excessive memory allocation and resulting in a denial-of-service (DoS) condition. Version 4.81.0 patches the issue.

The advisory is available at github.com. This vulnerability is handled as CVE-2026-26061 since 02/10/2026. The exploitation is known to be easy. The attack may be launched remotely. No form of authentication is required for exploitation. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1499 by the MITRE ATT&CK project.

Upgrading to version 4.81.0 eliminates this vulnerability.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Vendor

• fleetdm

Name

• fleet

Version

• 4.0
• 4.1
• 4.2
• 4.3
• 4.4
• 4.5
• 4.6
• 4.7
• 4.8
• 4.9
• 4.10
• 4.11
• 4.12
• 4.13
• 4.14
• 4.15
• 4.16
• 4.17
• 4.18
• 4.19
• 4.20
• 4.21
• 4.22
• 4.23
• 4.24
• 4.25
• 4.26
• 4.27
• 4.28
• 4.29
• 4.30
• 4.31
• 4.32
• 4.33
• 4.34
• 4.35
• 4.36
• 4.37
• 4.38
• 4.39
• 4.40
• 4.41
• 4.42
• 4.43
• 4.44
• 4.45
• 4.46
• 4.47
• 4.48
• 4.49
• 4.50
• 4.51
• 4.52
• 4.53
• 4.54
• 4.55
• 4.56
• 4.57
• 4.58
• 4.59
• 4.60
• 4.61
• 4.62
• 4.63
• 4.64
• 4.65
• 4.66
• 4.67
• 4.68
• 4.69
• 4.70
• 4.71
• 4.72
• 4.73
• 4.74
• 4.75
• 4.76
• 4.77
• 4.78
• 4.79
• 4.80

Website

• Product: https://github.com/fleetdm/fleet/

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion