Skip to main content

Suse CVE-2026-34388

| EUVDEUVD-2026-16795 MEDIUM
Improper Check or Handling of Exceptional Conditions (CWE-703)
2026-03-27 GitHub_M GHSA-w254-4hp5-7cvv
6.6
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.6 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
SUSE
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 27, 2026 - 19:30 euvd
EUVD-2026-16795
Analysis Generated
Mar 27, 2026 - 19:30 vuln.today
CVE Published
Mar 27, 2026 - 19:13 nvd
MEDIUM 6.6

DescriptionGitHub Advisory

Fleet is open source device management software. Prior to 4.81.0, a denial-of-service vulnerability in Fleet's gRPC Launcher endpoint allows an authenticated host to crash the entire Fleet server process by sending an unexpected log type value. The server terminates immediately, disrupting all connected hosts, MDM enrollments, and API consumers. Version 4.81.0 patches the issue.

AnalysisAI

Denial-of-service vulnerability in Fleet device management software prior to version 4.81.0 allows authenticated hosts to crash the entire Fleet server process by sending a malformed log type value to the gRPC Launcher endpoint, disrupting all connected devices, MDM enrollments, and API consumers. The vulnerability requires prior authentication but affects availability across the entire infrastructure. Vendor-released patch: version 4.81.0.

Technical ContextAI

Fleet's gRPC Launcher endpoint implements log type validation at the application layer. The vulnerability stems from improper input validation (CWE-703: Improper Check or Handling of Exceptional Conditions) where unexpected log type values trigger an uncaught exception or unhandled edge case, causing the server process to terminate abnormally. gRPC is a high-performance RPC framework using Protocol Buffers for serialization; malformed message payloads that violate schema constraints can propagate uncontrolled through the application if validation boundaries are incomplete. The affected product cpe:2.3:a:fleetdm:fleet:*:*:*:*:*:*:*:* encompasses all versions prior to 4.81.0.

RemediationAI

Upgrade Fleet to version 4.81.0 or later, which contains the fix for input validation on the gRPC Launcher endpoint. The patch adds proper exception handling and validation for log type values to prevent server termination on unexpected inputs. Administrators should apply this update urgently, especially in production MDM environments. Refer to the GitHub security advisory at https://github.com/fleetdm/fleet/security/advisories/GHSA-w254-4hp5-7cvv for detailed upgrade instructions and rollout guidance. Until patching is complete, monitor server logs for unexpected exceptions from the Launcher endpoint and implement network segmentation to limit which hosts can reach the gRPC endpoint if available.

Vendor StatusVendor

SUSE

Severity: High

Share

CVE-2026-34388 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy