Fleet Open-Source Platform Critical SQL Injection and DoS Vulnerabilities
Summary
CERT-Bund issued critical security advisory WID-SEC-2026-0902 alerting to severe vulnerabilities in the Fleet open-source device management platform in versions prior to 4.81.1. The vulnerabilities allow SQL injection, denial of service, security bypass, information disclosure, and execution of arbitrary code with administrator privileges. The advisory rates the issues at CVSS Base Score 9.8 (critical) and marks them as remotely exploitable. Organizations running Fleet on Linux or UNIX systems should update to version 4.81.1 or later without delay.
What changed
CERT-Bund disclosed multiple critical vulnerabilities (advisory WID-SEC-2026-0902) in the Fleet open-source device management platform in versions below 4.81.1. Affected deployments on Linux or UNIX can be attacked remotely to perform SQL injection, cause a denial of service, bypass security controls, disclose sensitive information, and execute arbitrary code with administrator privileges. The CVSS Base Score is 9.8 (critical); the Temporal Score is 8.5 (high). The advisory also indicates that a mitigation is available.
Organizations using Fleet should identify every affected deployment and upgrade to version 4.81.1 or later. No formal compliance deadline is specified, but immediate patching is strongly recommended given the critical severity and the remote attack vector. Where an immediate upgrade is not possible, apply the mitigation referenced in the advisory, and monitor for indicators of compromise in the meantime. The CVE identifiers and further technical details are available through the advisory's CVE and reference links.
What to do next
- Identify all Fleet deployments running versions below 4.81.1 on Linux or UNIX systems
- Upgrade Fleet to version 4.81.1 or later immediately
- Monitor for indicators of compromise and review Fleet server and database logs for SQL injection or unauthorized access attempts; where an immediate upgrade is not possible, apply the mitigation referenced in the advisory
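The first step above, finding deployments below 4.81.1, has one pitfall worth showing in code: Fleet version strings must be compared numerically, because a plain string comparison ranks "4.9.x" above "4.81.1" and would mark an affected server as patched. The helper below is an added example and is not code from the GovPing page or from the Fleet project. The inventory is constructed sample data; the hostnames are hypothetical. The endpoint path `/api/v1/fleet/version` and the `version` field in its JSON response are taken from Fleet's REST API documentation as recalled here and should be verified against your deployment before use; the offline triage does not call it.

```python
"""Triage helper: flag Fleet servers running a release below the fixed 4.81.1.

Added example, not part of the GovPing page or of the Fleet project.
SAMPLE_INVENTORY is constructed data. The endpoint path in fetch_version()
and the 'version' response field are assumptions to verify against your
Fleet server; the offline triage below never performs a network call.
"""
import json
import re
import urllib.request
from typing import Dict, Optional, Tuple

# First release that CERT-Bund WID-SEC-2026-0902 lists as not affected ("<4.81.1").
FIXED_VERSION = "4.81.1"

# Accepts "4.81.0", "v4.81.0", "4.82.0-rc1", "4.81.0-3-gabcdef" and keeps
# only the leading major.minor.patch numbers.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(s: str) -> Tuple[int, int, int]:
    """Parse a Fleet version string into a numerically comparable tuple.

    Comparing the raw strings is wrong: "4.9.3" > "4.81.1" lexically,
    so a string comparison would report an affected 4.9.x server as fixed.
    """
    m = _VERSION_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised Fleet version string: {s!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(version: str) -> bool:
    """True when the reported version is below 4.81.1 (the advisory's range)."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def fetch_version(base_url: str, token: Optional[str] = None, timeout: float = 5.0) -> str:
    """Ask a live Fleet server for its version string (network call).

    Assumption: GET /api/v1/fleet/version returns JSON with a "version" key.
    Not used by triage(); call it yourself when building a real inventory.
    """
    req = urllib.request.Request(f"{base_url.rstrip('/')}/api/v1/fleet/version")
    if token:
        req.add_header("Authorization", f"Bearer {token}")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)["version"]


# Constructed sample inventory: hostname -> version string the server reported.
SAMPLE_INVENTORY: Dict[str, str] = {
    "fleet-prod.example.internal": "4.81.0",      # affected: one patch below the fix
    "fleet-staging.example.internal": "v4.81.1",  # fixed release, "v" prefix tolerated
    "fleet-lab.example.internal": "4.9.3",        # affected; string compare would miss it
    "fleet-dev.example.internal": "4.82.0-rc1",   # above the fix; suffix ignored
}


def triage(inventory: Dict[str, str]) -> Dict[str, bool]:
    """Return {hostname: needs_upgrade} for every entry in the inventory."""
    return {host: is_affected(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    for host, needs_upgrade in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{'UPGRADE' if needs_upgrade else 'ok     '} {host}")
```

Run the module directly to see the constructed inventory triaged; replace SAMPLE_INVENTORY with versions gathered from your own servers (for example via fetch_version, once the endpoint is confirmed) to produce the list of hosts that must move to 4.81.1 or later.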
Archived snapshot
Mar 30, 2026: GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
[WID-SEC-2026-0902] Fleet: Multiple vulnerabilities. CVSS Base Score 9.8 (critical). CVSS Temporal Score 8.5 (high). Remote attack: yes. Date: 29.03.2026. Last updated: 30.03.2026. Mitigation: yes.
Affected systems
Operating system
- Linux
- UNIX
Product description
Fleet is an open-source device management platform that enables organizations to monitor and secure their infrastructure.
Products
29.03.2026
- Open Source Fleet <4.81.1
Attack
An attacker can exploit multiple vulnerabilities in Fleet to carry out a SQL injection attack, to carry out a denial of service attack, to bypass security measures, to disclose information, and to execute arbitrary code with administrator privileges.
About this page
Source document text, dates, docket IDs, and authority are extracted directly from CERT-Bund.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.