VIR Vulnerability Intelligence Relay

CVE-2026-22808

unknown
Published 2026-01-20 · Modified 2026-02-03
CVSS v3
CVSS v2
VIR risk

Description

Fleet Windows MDM endpoint has a Cross-site Scripting vulnerability in github.com/fleetdm/fleet

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Package impact
EcosystemPackageVulnerableFixed
golang Gogithub.com/fleetdm/fleet>=4.78.0,<4.78.24.78.2
golang Gogithub.com/fleetdm/fleet>=4.77.0,<4.77.14.77.1
golang Gogithub.com/fleetdm/fleet>=4.76.0,<4.76.24.76.2
golang Gogithub.com/fleetdm/fleet>=4.75.0,<4.75.24.75.2
golang Gogithub.com/fleetdm/fleet/v4<4.43.5-0.20260111020427-0e6c790803d14.43.5-0.20260111020427-0e6c790803d1
golang Gogithub.com/fleetdm/fleet/v4>=4.78.0,<4.78.24.75.2

References

Verify integrity in audit chain (admin only). AS-IS.