Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-gx3x-9sm3-vqeu
Vulnerability ID VCID-gx3x-9sm3-vqeu
Aliases CVE-2026-23998
GHSA-2rc4-7jc6-qffh
Summary Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleet’s Windows MDM management endpoint could allow requests to be processed without proper client certificate validation. In certain circumstances, this could allow an attacker to impersonate an enrolled Windows device and retrieve sensitive configuration data. Fleet’s Windows MDM management endpoint relies on mutual TLS (mTLS) client certificates to authenticate enrolled devices. In affected versions, requests that did not present a client certificate could be incorrectly treated as trusted. As a result, an attacker with prior knowledge of a valid enrolled device identifier could potentially impersonate that device and receive configuration payloads intended for it. These payloads may contain sensitive information such as Wi-Fi or VPN configuration data, certificates, or other secrets delivered through MDM profiles. This issue does not allow enrollment of new devices, administrative access to Fleet, or compromise of the Fleet control plane. Impact is limited to the targeted Windows device. Version 4.81.0 contains a patch. If an immediate upgrade is not possible, affected Fleet users should temporarily disable Windows MDM.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-295 Improper Certificate Validation
System Score Found at
epss 0.00011 https://api.first.org/data/v1/epss?cve=CVE-2026-23998
epss 0.00011 https://api.first.org/data/v1/epss?cve=CVE-2026-23998
epss 0.00011 https://api.first.org/data/v1/epss?cve=CVE-2026-23998
cvssv3.1 7.5 https://github.com/fleetdm/fleet
cvssv4 8.2 https://github.com/fleetdm/fleet
generic_textual HIGH https://github.com/fleetdm/fleet
cvssv3.1 7.5 https://github.com/fleetdm/fleet/commit/3ff8119ab8f794806a4cc82e21f760c123d92966
cvssv4 8.2 https://github.com/fleetdm/fleet/commit/3ff8119ab8f794806a4cc82e21f760c123d92966
generic_textual HIGH https://github.com/fleetdm/fleet/commit/3ff8119ab8f794806a4cc82e21f760c123d92966
cvssv3.1 7.5 https://github.com/fleetdm/fleet/releases/tag/fleet-v4.81.0
cvssv4 8.2 https://github.com/fleetdm/fleet/releases/tag/fleet-v4.81.0
generic_textual HIGH https://github.com/fleetdm/fleet/releases/tag/fleet-v4.81.0
ssvc Track https://github.com/fleetdm/fleet/releases/tag/fleet-v4.81.0
cvssv3.1 7.5 https://github.com/fleetdm/fleet/security/advisories/GHSA-2rc4-7jc6-qffh
cvssv4 8.2 https://github.com/fleetdm/fleet/security/advisories/GHSA-2rc4-7jc6-qffh
generic_textual HIGH https://github.com/fleetdm/fleet/security/advisories/GHSA-2rc4-7jc6-qffh
ssvc Track https://github.com/fleetdm/fleet/security/advisories/GHSA-2rc4-7jc6-qffh
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2026-23998
cvssv4 8.2 https://nvd.nist.gov/vuln/detail/CVE-2026-23998
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2026-23998
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2026-23998
https://github.com/fleetdm/fleet
https://github.com/fleetdm/fleet/commit/3ff8119ab8f794806a4cc82e21f760c123d92966
https://nvd.nist.gov/vuln/detail/CVE-2026-23998
fleet-v4.81.0 https://github.com/fleetdm/fleet/releases/tag/fleet-v4.81.0
GHSA-2rc4-7jc6-qffh https://github.com/fleetdm/fleet/security/advisories/GHSA-2rc4-7jc6-qffh
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/fleetdm/fleet
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Found at https://github.com/fleetdm/fleet
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/fleetdm/fleet/commit/3ff8119ab8f794806a4cc82e21f760c123d92966
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Found at https://github.com/fleetdm/fleet/commit/3ff8119ab8f794806a4cc82e21f760c123d92966
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/fleetdm/fleet/releases/tag/fleet-v4.81.0
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Found at https://github.com/fleetdm/fleet/releases/tag/fleet-v4.81.0
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T14:12:42Z/ Found at https://github.com/fleetdm/fleet/releases/tag/fleet-v4.81.0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/fleetdm/fleet/security/advisories/GHSA-2rc4-7jc6-qffh
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Found at https://github.com/fleetdm/fleet/security/advisories/GHSA-2rc4-7jc6-qffh
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T14:12:42Z/ Found at https://github.com/fleetdm/fleet/security/advisories/GHSA-2rc4-7jc6-qffh
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2026-23998
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Found at https://nvd.nist.gov/vuln/detail/CVE-2026-23998
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.01477
EPSS Score 0.00011
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T16:41:55.216184+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2026/23xxx/CVE-2026-23998.json 38.6.0