← Voltar para CVEs
CVE-2026-34385
N/ADescricao
Fleet is open source device management software. Prior to 4.81.0, a second-order SQL injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an attacker with a valid MDM enrollment certificate to exfiltrate or modify the contents of the Fleet database, including user credentials, API tokens, and device enrollment secrets. Version 4.81.0 patches the issue.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado3/27/2026
Ultima modificacao3/30/2026
Fontenvd
Avistamentos honeypot0
Fraquezas (CWE)
CWE-89
Referencias
https://github.com/fleetdm/fleet/security/advisories/GHSA-v895-833r-8c45(security-advisories@github.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.