Skip to main content

Suse CVE-2026-34386

| EUVDEUVD-2026-16756 MEDIUM
SQL Injection (CWE-89)
2026-03-27 GitHub_M GHSA-9p23-p2m4-2r4m
6.3
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
SUSE
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 27, 2026 - 19:00 euvd
EUVD-2026-16756
Analysis Generated
Mar 27, 2026 - 19:00 vuln.today
CVE Published
Mar 27, 2026 - 18:30 nvd
MEDIUM 6.3

DescriptionGitHub Advisory

Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet database, and inject arbitrary content into team configs via direct API calls. Version 4.81.0 patches the issue.

AnalysisAI

SQL injection in Fleet device management software versions prior to 4.81.0 allows authenticated Team Admin or Global Admin users to execute arbitrary SQL queries against the Fleet database via the MDM bootstrap package configuration API endpoint. Attackers with these privileges can exfiltrate sensitive data, modify arbitrary team configurations, and inject malicious content into team settings. The vulnerability requires authentication but poses significant risk to multi-tenant Fleet deployments where administrative credentials may be compromised or where insider threats exist.

Technical ContextAI

Fleet (cpe:2.3:a:fleetdm:fleet) is an open-source device management platform that uses SQL databases to store configuration and device data. The vulnerability exists in the MDM (Mobile Device Management) bootstrap package configuration handler, which fails to properly sanitize user-supplied input before incorporating it into SQL queries. This is a classic CWE-89 SQL injection flaw where attacker-controlled data reaches a SQL query construction context without parameterized query defense. The affected API endpoints accept configuration data directly from authenticated administrators and pass it unsafely to the database layer, allowing attackers to break out of the intended query context and execute arbitrary SQL commands.

RemediationAI

Upgrade Fleet to version 4.81.0 or later immediately, as vendor-released patch 4.81.0 addresses the SQL injection flaw. For environments unable to patch immediately, restrict administrative API access to trusted networks via firewall rules, enforce strong authentication for Team Admin and Global Admin accounts, disable MDM bootstrap package configuration functionality if unused, and audit recent changes to team configurations for signs of unauthorized modification. Regular access reviews of administrative accounts should be conducted to detect compromised credentials.

Vendor StatusVendor

SUSE

Severity: High

Share

CVE-2026-34386 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy