Skip to main content

Apple CVE-2026-34385

| EUVDEUVD-2026-16754 MEDIUM
SQL Injection (CWE-89)
2026-03-27 GitHub_M GHSA-v895-833r-8c45
6.2
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.2 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
SUSE
MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 27, 2026 - 19:00 euvd
EUVD-2026-16754
Analysis Generated
Mar 27, 2026 - 19:00 vuln.today
CVE Published
Mar 27, 2026 - 18:29 nvd
MEDIUM 6.2

DescriptionGitHub Advisory

Fleet is open source device management software. Prior to 4.81.0, a second-order SQL injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an attacker with a valid MDM enrollment certificate to exfiltrate or modify the contents of the Fleet database, including user credentials, API tokens, and device enrollment secrets. Version 4.81.0 patches the issue.

AnalysisAI

SQL injection in Fleet's Apple MDM profile delivery pipeline before version 4.81.0 allows authenticated attackers with valid MDM enrollment certificates to exfiltrate or modify database contents, including user credentials, API tokens, and device enrollment secrets. This second-order SQL injection vulnerability affects the cpe:2.3:a:fleetdm:fleet product line and requires valid MDM enrollment credentials to exploit, limiting the attack surface to adversaries who have already established trust within the MDM enrollment process. No public exploit code or active exploitation has been identified at the time of this analysis.

Technical ContextAI

Fleet is an open-source device management platform that integrates with Apple's Mobile Device Management (MDM) infrastructure to manage enrolled Apple devices. The vulnerability is classified as CWE-89 (SQL Injection), specifically a second-order variant where malicious input is stored during MDM profile delivery and later executed as SQL commands when that data is processed. Second-order SQL injection is particularly dangerous because the attack vector and execution point are separated, making detection and input validation more difficult. The attack occurs within Fleet's MDM profile delivery pipeline, which handles certificate-based authentication and device enrollment workflows. The vulnerability requires an attacker to possess a valid MDM enrollment certificate, indicating the attack surface is limited to entities that have successfully participated in an MDM trust establishment process.

RemediationAI

Upgrade Fleet to version 4.81.0 or later immediately to apply the vendor-released patch that addresses the SQL injection vulnerability. Organizations unable to upgrade immediately should restrict network access to Fleet instances to trusted internal networks and enforce strong authentication controls on MDM enrollment certificate issuance, limiting certificate distribution to known and trusted devices. Additionally, implement database access controls and monitor SQL query logs for suspicious patterns indicative of SQL injection attempts. Review MDM enrollment certificate logs to identify any certificates issued to unexpected principals. The official patch and migration guidance are available in the vendor security advisory at https://github.com/fleetdm/fleet/security/advisories/GHSA-v895-833r-8c45.

Vendor StatusVendor

SUSE

Severity: Medium

Share

CVE-2026-34385 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy