CVE-2026-34387

Published 27/03/2026 19:16 · Modified 27/03/2026 19:16

Labels: CVE-2026-34387, 2026-03-27, CWE-78, [email protected]

Essential information

Published: 27/03/2026 19:16
Modified: 27/03/2026 19:16
Author:
Creator:
CVSS: 5.7 MEDIUM (v3), 5.7 MEDIUM (v4.0)
CISA KEV: No
CWE:
CVSS vector:

CVSS metrics

Description

Fleet is open source device management software. Prior to 4.81.1, a command injection vulnerability in Fleet's software installer pipeline allows an attacker to achieve arbitrary code execution as root (macOS/Linux) or SYSTEM (Windows) on managed hosts when an uninstall is triggered for a crafted software package. Version 4.81.1 patches the issue.

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]

Affected products (CPE)

Product                      CPE
fleet / device management    cpe:2.3:a:fleet:device_management:*:*:*:*:*:*:*:*
fleet / device management    cpe:2.3:a:fleet:device_management:<4.81.1:*:*:*:*:*:*
apple / macos                cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
microsoft / windows          cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
linux / linux                cpe:2.3:o:linux:linux:*:*:*:*:*:*:*:*

References