Fleet is an open-source device management platform that supports certificate templates scoped to individual teams. In versions before 4.80.1, the batch deletion API endpoint for certificate templates suffers from an incorrect authorization check (CWE-863). Specifically, the API validates authorization based on a user-supplied team identifier but fails to verify that the certificate template IDs being deleted actually belong to that team. Consequently, a team administrator can delete certificate templates associated with other teams within the same Fleet instance. This vulnerability impacts the integrity and availability of certificate templates, which are critical for certificate-based workflows such as device enrollment, Wi-Fi authentication, and VPN access. However, it does not allow privilege escalation, access to sensitive data, or compromise of Fleet’s control plane. The CVSS 4.0 score is 1.2 (low severity), reflecting the limited impact and the requirement for team administrator privileges to exploit. The flaw was publicly disclosed and patched in version 4.80.1. No known exploits are reported in the wild. Mitigation involves upgrading to the patched version or restricting certificate template management access to trusted users and minimizing delegation of team administrator roles.

The primary impact is on the integrity and availability of certificate templates across teams within a Fleet instance. Unauthorized deletion of certificate templates can disrupt critical certificate-dependent workflows such as device enrollment, Wi-Fi authentication, and VPN access, potentially causing operational downtime or degraded security posture for affected teams. Since the vulnerability does not allow privilege escalation or data exposure, the confidentiality and control plane integrity remain intact. However, organizations relying heavily on Fleet for device and certificate management may experience interruptions in their security infrastructure and device provisioning processes. The impact is limited to multi-team Fleet deployments where team administrators have deletion privileges, and the vulnerability requires authenticated access with elevated permissions, reducing the risk of widespread exploitation.

The definitive mitigation is to upgrade Fleet to version 4.80.1 or later, where the authorization check is properly enforced. If immediate upgrading is not feasible, organizations should implement strict access controls by limiting certificate template management permissions to highly trusted users only. Avoid delegating team administrator privileges unless absolutely necessary, and regularly audit team administrator roles and actions. Additionally, monitoring deletion API calls and certificate template inventories can help detect unauthorized deletions early. Implementing role-based access controls (RBAC) with the principle of least privilege and segregating teams to minimize cross-team administrative overlap will further reduce risk. Finally, organizations should maintain backups of certificate templates to enable recovery in case of accidental or malicious deletions.