CVE-2026-23998
high
CVSS v3
7.5
CVSS v2
—
VIR risk
7.5
Description
Fleet has a Windows MDM management endpoint authentication bypass
Predictions
Exploit likelihood
83%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: security-advisories@github.com — https://github.com/fleetdm/fleet/security/advisories/GHSA-2rc4-7jc6-qffh
Vendor advisory: security-advisories@github.com — https://github.com/fleetdm/fleet/releases/tag/fleet-v4.81.0
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Go | github.com/fleetdm/fleet/v4 | <4.81.0 | 4.81.0 |
| GO | github.com/fleetdm/fleet/v4 | < 4.81.0 | 4.81.0 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| fleetdm | fleet | {"endExcluding":"4.81.0"} | 4.81.0 |
References
- https://github.com/fleetdm/fleet/releases/tag/fleet-v4.81.0
- https://github.com/fleetdm/fleet/security/advisories/GHSA-2rc4-7jc6-qffh
- https://nvd.nist.gov/vuln/detail/CVE-2026-23998
- https://github.com/fleetdm/fleet
- https://github.com/fleetdm/fleet/commit/3ff8119ab8f794806a4cc82e21f760c123d92966
- https://github.com/advisories/GHSA-2rc4-7jc6-qffh
CWEs
CWE-295
Verify integrity in audit chain (admin only). AS-IS.