Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionGitHub Advisory
Fleet is open source device management software. Prior to 4.81.1, a vulnerability in Fleet's Windows MDM command processing allows a malicious enrolled device to access MDM commands intended for other devices, potentially exposing sensitive configuration data such as WiFi credentials, VPN secrets, and certificate payloads across the entire Windows fleet. Version 4.81.1 patches the issue.
AnalysisAI
Fleet device management software versions prior to 4.81.1 allow malicious enrolled Windows devices to access Mobile Device Management (MDM) commands intended for other devices, potentially disclosing sensitive configuration data including WiFi credentials, VPN secrets, and certificate payloads across the entire Windows fleet. The vulnerability stems from improper authorization controls in Windows MDM command processing, affecting any organization using Fleet for Windows device management. Vendor-released patch: version 4.81.1.
Technical ContextAI
Fleet is an open source device management and mobile device management (MDM) platform. The vulnerability exists in the Windows MDM command processing subsystem, which handles the delivery and execution of management commands across enrolled Windows devices. The root cause is classified under CWE-488 (Exposure of Data Through Directory Listing), indicating that the vulnerability allows unauthorized access to data or commands that should be restricted by proper authorization checks. When a Windows device enrolls in Fleet's MDM system, it should only be able to access commands and configurations intended for itself. The flaw allows a compromised or malicious enrolled device to bypass these authorization controls and retrieve MDM commands destined for other devices in the fleet, effectively exposing sensitive command payloads and configuration data shared across the infrastructure.
RemediationAI
Upgrade Fleet to version 4.81.1 or later immediately. This is the primary and complete remediation, as the vendor has released a patched version that addresses the Windows MDM command authorization flaw. Organizations unable to upgrade immediately should restrict network access to the Fleet management server to trusted administrative networks only, implement strict device enrollment controls to prevent malicious device enrollment, and audit MDM command logs for unauthorized device access patterns. For detailed remediation guidance, refer to the GitHub security advisory at https://github.com/fleetdm/fleet/security/advisories/GHSA-wg7j-pcc3-h4rh.
Same weakness CWE-488 – Exposure of Data Element to Wrong Session
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-16799