Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionGitHub Advisory
Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet database, and inject arbitrary content into team configs via direct API calls. Version 4.81.0 patches the issue.
AnalysisAI
SQL injection in Fleet device management software versions prior to 4.81.0 allows authenticated Team Admin or Global Admin users to execute arbitrary SQL queries against the Fleet database via the MDM bootstrap package configuration API endpoint. Attackers with these privileges can exfiltrate sensitive data, modify arbitrary team configurations, and inject malicious content into team settings. The vulnerability requires authentication but poses significant risk to multi-tenant Fleet deployments where administrative credentials may be compromised or where insider threats exist.
Technical ContextAI
Fleet (cpe:2.3:a:fleetdm:fleet) is an open-source device management platform that uses SQL databases to store configuration and device data. The vulnerability exists in the MDM (Mobile Device Management) bootstrap package configuration handler, which fails to properly sanitize user-supplied input before incorporating it into SQL queries. This is a classic CWE-89 SQL injection flaw where attacker-controlled data reaches a SQL query construction context without parameterized query defense. The affected API endpoints accept configuration data directly from authenticated administrators and pass it unsafely to the database layer, allowing attackers to break out of the intended query context and execute arbitrary SQL commands.
RemediationAI
Upgrade Fleet to version 4.81.0 or later immediately, as vendor-released patch 4.81.0 addresses the SQL injection flaw. For environments unable to patch immediately, restrict administrative API access to trusted networks via firewall rules, enforce strong authentication for Team Admin and Global Admin accounts, disable MDM bootstrap package configuration functionality if unused, and audit recent changes to team configurations for signs of unauthorized modification. Regular access reviews of administrative accounts should be conducted to detect compromised credentials.
Same weakness CWE-89 – SQL Injection
View allVendor StatusVendor
SUSE
Severity: HighShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-16756
GHSA-9p23-p2m4-2r4m