Vulnerability in Fleet's Windows MDM Management Endpoint
CVE-2026-23998

8.2 HIGH

Key Information:

Vendor: Fleetdm
Status: Vendor
CVE Published: 14 May 2026

What is CVE-2026-23998?

Fleet, the open-source device management platform, contains a vulnerability in its Windows MDM management endpoint that affects versions prior to 4.81.0. The endpoint does not properly validate the client certificate presented with an MDM request, so a request that should have been rejected can be accepted as coming from a trusted, enrolled device. An attacker who knows a valid enrolled device identifier can therefore impersonate that device and retrieve the configuration Fleet would deliver to it, including Wi-Fi and VPN settings and other secrets carried in MDM profiles. The flaw does not allow new devices to be enrolled and does not grant administrative access to the Fleet server itself; the impact is disclosure of configuration data intended for the impersonated Windows device (the CVSS vector below rates confidentiality High, with no integrity or availability impact). Users of affected versions should upgrade to 4.81.0, which contains the fix. Until the upgrade can be applied, temporarily disabling Windows MDM in Fleet is the recommended interim mitigation.
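The class of flaw described above is a client certificate that is accepted without being bound to the enrollment CA and to the device identity in the request. The following Go program is an added illustration of that pattern and is not Fleet's code: it does not reproduce Fleet's actual endpoint, data model or fix. It constructs a throwaway enrollment CA, issues a legitimate device certificate for a made-up device identifier (`DEVICE-0001`), and forges a self-signed certificate carrying the same identifier. `weakAuthorize` accepts whatever identity the certificate claims as long as the device is enrolled, so the forged certificate passes with nothing more than knowledge of the identifier. `strictAuthorize` first verifies the chain to the enrollment CA with the client-auth extended key usage, then requires the certificate identity to match the identity in the request.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Fixtures holds a constructed enrollment CA, a legitimately issued device
// certificate, and an attacker-forged certificate carrying the same device ID.
// Everything here is generated locally; nothing refers to a real deployment.
type Fixtures struct {
	Roots      *x509.CertPool
	LegitCert  *x509.Certificate
	ForgedCert *x509.Certificate
	DeviceID   string
	Enrolled   map[string]bool
}

func mustKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// issue signs tmpl with signer. A nil parent produces a self-signed certificate.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// BuildFixtures creates the CA, a CA-issued device cert and an attacker's
// self-signed cert that copies the enrolled device identifier into its CN.
func BuildFixtures() Fixtures {
	deviceID := "DEVICE-0001" // constructed identifier, not a real enrolled device
	now := time.Now()
	caKey := mustKey()
	caCert := issue(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example MDM Enrollment CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}, nil, &caKey.PublicKey, caKey)
	leaf := func(serial int64) *x509.Certificate {
		return &x509.Certificate{
			SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: deviceID},
			NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
			KeyUsage:    x509.KeyUsageDigitalSignature,
			ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		}
	}
	devKey, atkKey := mustKey(), mustKey()
	legit := issue(leaf(2), caCert, &devKey.PublicKey, caKey) // signed by the enrollment CA
	forged := issue(leaf(3), nil, &atkKey.PublicKey, atkKey)  // attacker self-signs, same CN
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	return Fixtures{Roots: roots, LegitCert: legit, ForgedCert: forged,
		DeviceID: deviceID, Enrolled: map[string]bool{deviceID: true}}
}

// weakAuthorize is the flawed pattern: the certificate's claimed identity is
// trusted without proving who issued it, so any cert naming an enrolled device passes.
func weakAuthorize(cert *x509.Certificate, claimedID string, enrolled map[string]bool) bool {
	return cert.Subject.CommonName == claimedID && enrolled[claimedID]
}

// strictAuthorize verifies the chain to the enrollment CA for client auth, then
// binds the certificate identity to the identity asserted in the request.
func strictAuthorize(cert *x509.Certificate, claimedID string, enrolled map[string]bool, roots *x509.CertPool) error {
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("certificate not issued by enrollment CA: %w", err)
	}
	if cert.Subject.CommonName != claimedID {
		return fmt.Errorf("certificate identity %q does not match requested device %q", cert.Subject.CommonName, claimedID)
	}
	if !enrolled[claimedID] {
		return fmt.Errorf("device %q is not enrolled", claimedID)
	}
	return nil
}

func main() {
	f := BuildFixtures()
	fmt.Println("weak check accepts forged cert:", weakAuthorize(f.ForgedCert, f.DeviceID, f.Enrolled))
	fmt.Println("strict check on forged cert:", strictAuthorize(f.ForgedCert, f.DeviceID, f.Enrolled, f.Roots))
}
```

The point the example makes is that checking "is this device enrolled?" is an authorization question that only makes sense after authentication has been settled by chain verification; the device identifier on its own is not a secret and must never stand in for proof of possession of the enrollment key.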

Affected Version(s)

fleet < 4.81.0

CVSS V4

Score: 8.2
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability Reserved

  • Vulnerability published (14 May 2026)