Skip to main content

Fleet MDM CVE-2026-46371

MEDIUM
SQL Injection (CWE-89)
2026-06-12 https://github.com/fleetdm/fleet GHSA-x4qr-qw6h-wvxq
6.5
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
vuln.today AI
6.5 MEDIUM

Observer-role authentication is required (PR:L); network-accessible API endpoint (AV:N); C:H reflects node_key and secret exfiltration; no write or availability impact.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
Source Code Evidence Fetched
Jun 12, 2026 - 21:51 vuln.today
Analysis Generated
Jun 12, 2026 - 21:51 vuln.today
CVE Published
Jun 12, 2026 - 21:00 github-advisory
MEDIUM 6.5

DescriptionGitHub Advisory

Summary

A vulnerability in Fleet's Apple MDM commands listing endpoint allowed authenticated users with the lowest-privilege Observer role to extract sensitive values from joined database tables - including host enrollment secrets and Apple Push Notification Service (APNS) tokens - through a cursor-based binary search oracle. The endpoint accepted a user-supplied order_key parameter that was not validated against a column allowlist.

Impact

The GET /api/v1/fleet/mdm/apple/commands endpoint constructs its query using a deprecated helper that did not restrict which columns could appear in the ORDER BY clause. The underlying query joins the hosts and nano_enrollments tables, so any column on those tables could be supplied as order_key. An attacker with Observer credentials could then use the cursor-based pagination parameter (after) to binary-search the value of the chosen column one character at a time. The targeted values never appeared in the response body, but the presence or absence of results revealed each character.

With extracted node_key or orbit_node_key values, an attacker could impersonate enrolled hosts to Fleet's osquery and Orbit endpoints, submit fabricated host data, and retrieve pending scripts and commands. The APNS values are exploitable only by a party that also possesses the organization's APNS certificate.

Exploitation required authenticated Observer access and a Fleet deployment with Apple MDM enabled and at least one queued MDM command. Instances without Apple MDM configured were not affected.

Workarounds

If an immediate upgrade is not possible, administrators should:

  • Restrict the Observer role to fully trusted users until the patch is applied
  • Rotate node_key and orbit_node_key for any host suspected of exposure by re-enrolling the affected hosts

For more information

If there are any questions or comments about this advisory:

Email Fleet at [security@fleetdm.com](mailto:security@fleetdm.com) Join #fleet in osquery Slack

Credits

Fleet thanks the Security Team at Palantir Technologies for responsibly reporting this issue.

AnalysisAI

Blind SQL injection in Fleet MDM's Apple MDM commands endpoint allows authenticated Observer-role users to exfiltrate sensitive database column values - including host enrollment secrets, node_key, orbit_node_key, and APNS tokens - via a cursor-based binary search oracle. The GET /api/v1/fleet/mdm/apple/commands endpoint accepted an unsanitized order_key parameter injected directly into an SQL ORDER BY clause without column validation, exposing all columns on the joined hosts and nano_enrollments tables. Extracted node_key values enable full host impersonation against Fleet's osquery and Orbit endpoints, making the effective impact materially higher than the 6.5 CVSS base score implies. No public exploit has been identified at time of analysis; vendor-released patch is available in Fleet 4.84.2.

Technical ContextAI

Fleet is an open-source device management and osquery platform written in Go (CPE: pkg:go/github.com/fleetdm/fleet/v4). The affected endpoint, GET /api/v1/fleet/mdm/apple/commands, constructs its SQL query using a deprecated internal helper that appends the user-supplied order_key request parameter directly into the ORDER BY clause without validating it against a column allowlist. Because the query joins the hosts and nano_enrollments tables, every column on both tables - including secrets not returned in the response body - is reachable as an injection target. The oracle technique exploits cursor-based pagination: the attacker supplies an after cursor value and varies order_key to observe whether results are returned, enabling character-by-character binary search of any target column value. This is a classic blind ORDER BY injection, classified under CWE-89 (Improper Neutralization of Special Elements used in an SQL Command). The extracted node_key and orbit_node_key values serve as authentication tokens for Fleet's osquery and Orbit endpoints, so their exfiltration directly enables host impersonation.

RemediationAI

The primary fix is upgrading to Fleet 4.84.2, which introduces column allowlist validation for the order_key parameter on the affected endpoint, eliminating the injection surface. The advisory is available at https://github.com/fleetdm/fleet/security/advisories/GHSA-x4qr-qw6h-wvxq. If an immediate upgrade is not possible, the vendor recommends restricting the Observer role exclusively to fully trusted users, since Observer access is the sole prerequisite for the attack path; this effectively eliminates exploitation risk but may not be operationally feasible in environments with broad Observer provisioning. Additionally, rotate node_key and orbit_node_key for any hosts suspected of exposure by re-enrolling those hosts - note that re-enrollment causes a brief gap in host visibility and will interrupt any pending MDM commands. APNS tokens require rotation only if an attacker is also believed to separately possess the organization's APNS certificate, which is a distinct and higher bar.

Share

CVE-2026-46371 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy