Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionGitHub Advisory
Summary
The Orbit agent's FileVault disk encryption key rotation flow on collects a local user's password via a GUI dialog and interpolates it directly into a Tcl/expect script executed via exec.Command("expect", "-c", script). Because the password is inserted into Tcl brace-quoted send {%s}, a password containing } terminates the literal and injects arbitrary Tcl commands. Since Orbit runs as root, this allows a local unprivileged user to escalate to root privileges.
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
- CWE-94: Improper Control of Generation of Code ('Code Injection')
Impact
- Local privilege escalation to root: Any unprivileged local user on a managed endpoint can execute arbitrary commands as root
Credit
This vulnerability was discovered and reported by bugbunny.ai.
AnalysisAI
Local privilege escalation to root in Fleet Orbit agent (macOS) allows authenticated local users to inject arbitrary Tcl commands via malformed FileVault password input. The vulnerability stems from unsafe interpolation of user-supplied passwords into expect scripts executed as root. CVSS 7.8 (High) with EPSS data unavailable; no public exploit identified at time of analysis, though exploitation requires only a specially crafted password containing closing brace characters. Impacts organizations using Fleet's macOS disk encryption management.
Technical ContextAI
Fleet Orbit is a cross-platform agent for the Fleet device management platform (pkg:go/github.com_fleetdm_fleet_v4). On macOS, Orbit manages FileVault disk encryption key rotation by prompting users for their password via GUI dialog, then using that password in an automated expect script to complete the rotation. The implementation uses Go's exec.Command to invoke expect with a dynamically constructed Tcl script containing the user password wrapped in Tcl brace-quoting: send {user_password}. Tcl brace-quoting is not escape-aware; a closing brace in the password string terminates the literal prematurely, allowing injection of arbitrary Tcl commands. Because Orbit runs with root privileges to perform system-level disk encryption operations, injected Tcl commands execute as root. This represents a classic CWE-78 OS command injection vulnerability compounded by CWE-94 code injection, where untrusted data (user password) flows directly into executable code context without sanitization or parameterization.
RemediationAI
Apply the vendor-released patch referenced in GitHub Security Advisory GHSA-rphv-h674-5hp2 at https://github.com/fleetdm/fleet/security/advisories/GHSA-rphv-h674-5hp2. Upgrade Fleet Orbit agent to the patched version specified in the advisory, which implements proper input sanitization or parameterization for expect script construction. Until patching is complete, consider disabling automated FileVault key rotation in Fleet and performing manual key escrow, or restrict Orbit deployment to trusted user environments only. Review audit logs for unexpected privilege escalation events or suspicious expect process invocations by Orbit. No effective workaround exists short of disabling the vulnerable feature, as the flaw is architectural in the password handling flow.
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-20540
GHSA-rphv-h674-5hp2