Denial-of-Service Vulnerability in Fleet Device Management Software by FleetDM
CVE-2026-34388

6.6 MEDIUM

Key Information:

Vendor: Fleetdm
CVE Published: 27 March 2026

What is CVE-2026-34388?

Fleet, FleetDM's device management software, has a denial-of-service vulnerability in versions prior to 4.81.0 that affects the gRPC Launcher endpoint. An authenticated host can exploit it by sending an unexpected log type value, which causes the Fleet server process to crash. Because the server process itself goes down, the disruption affects all connected hosts, MDM enrollments, and API consumers. Users are advised to upgrade to version 4.81.0 to mitigate this issue and maintain operational stability.

Affected Version(s)

fleet < 4.81.0

CVSS V4

Score: 6.6
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
