CVE-2026-26062: CWE-20: Improper Input Validation in fleetdm fleet
Fleet is open source device management software. Prior to version 4.81.0, Fleet contained a denial-of-service (DoS) issue in the gRPC Launcher `PublishLogs` endpoint. In affected versions, certain unexpected input values were not handled gracefully, which could cause the Fleet server process to terminate while processing an authenticated request from an enrolled Launcher host. An authenticated attacker with access to any enrolled Launcher node key could cause an immediate and complete denial of service by sending a single gRPC request to the `PublishLogs` endpoint. This vulnerability impacts availability only. There is no exposure of sensitive data, no authentication bypass, no privilege escalation, and no integrity impact. Version 4.81.0 contains a patch. If upgrading immediately is not possible, the following mitigations can reduce exposure. Restrict network access to the Fleet gRPC endpoint where feasible (for example, limiting inbound access to known host IP ranges); deploy Fleet behind infrastructure that terminates or filters gRPC traffic if Launcher log ingestion is not required; and/or monitor for repeated Fleet process crashes or unexpected restarts indicating potential exploitation.
AI Analysis
Technical Summary
Fleet is an open source device management platform. Versions before 4.81.0 contain a high-severity denial-of-service vulnerability (CVE-2026-26062) due to improper input validation (CWE-20) in the gRPC Launcher PublishLogs endpoint. When processing authenticated requests from enrolled Launcher hosts, unexpected input values can cause the Fleet server process to terminate unexpectedly. Exploitation requires an authenticated attacker with access to an enrolled Launcher node key. The vulnerability impacts only availability, with no exposure of sensitive data or privilege escalation. The issue is fixed in Fleet version 4.81.0. If immediate upgrade is not feasible, network-level restrictions and traffic filtering can reduce exposure.
Potential Impact
Successful exploitation results in a complete denial of service of the Fleet server process, impacting availability. There is no impact on confidentiality, integrity, or authentication mechanisms. The attacker must be authenticated with access to an enrolled Launcher node key to exploit this vulnerability.
Mitigation Recommendations
A patch is available in Fleet version 4.81.0 that resolves this vulnerability. Users are strongly advised to upgrade to this version. If upgrading immediately is not possible, mitigate risk by restricting network access to the Fleet gRPC endpoint to known host IP ranges, deploying Fleet behind infrastructure that can terminate or filter gRPC traffic if Launcher log ingestion is unnecessary, and monitoring for repeated Fleet process crashes or unexpected restarts that may indicate exploitation attempts.
CVE-2026-26062: CWE-20: Improper Input Validation in fleetdm fleet
Description
Fleet is open source device management software. Prior to version 4.81.0, Fleet contained a denial-of-service (DoS) issue in the gRPC Launcher `PublishLogs` endpoint. In affected versions, certain unexpected input values were not handled gracefully, which could cause the Fleet server process to terminate while processing an authenticated request from an enrolled Launcher host. An authenticated attacker with access to any enrolled Launcher node key could cause an immediate and complete denial of service by sending a single gRPC request to the `PublishLogs` endpoint. This vulnerability impacts availability only. There is no exposure of sensitive data, no authentication bypass, no privilege escalation, and no integrity impact. Version 4.81.0 contains a patch. If upgrading immediately is not possible, the following mitigations can reduce exposure. Restrict network access to the Fleet gRPC endpoint where feasible (for example, limiting inbound access to known host IP ranges); deploy Fleet behind infrastructure that terminates or filters gRPC traffic if Launcher log ingestion is not required; and/or monitor for repeated Fleet process crashes or unexpected restarts indicating potential exploitation.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Fleet is an open source device management platform. Versions before 4.81.0 contain a high-severity denial-of-service vulnerability (CVE-2026-26062) due to improper input validation (CWE-20) in the gRPC Launcher PublishLogs endpoint. When processing authenticated requests from enrolled Launcher hosts, unexpected input values can cause the Fleet server process to terminate unexpectedly. Exploitation requires an authenticated attacker with access to an enrolled Launcher node key. The vulnerability impacts only availability, with no exposure of sensitive data or privilege escalation. The issue is fixed in Fleet version 4.81.0. If immediate upgrade is not feasible, network-level restrictions and traffic filtering can reduce exposure.
Potential Impact
Successful exploitation results in a complete denial of service of the Fleet server process, impacting availability. There is no impact on confidentiality, integrity, or authentication mechanisms. The attacker must be authenticated with access to an enrolled Launcher node key to exploit this vulnerability.
Mitigation Recommendations
A patch is available in Fleet version 4.81.0 that resolves this vulnerability. Users are strongly advised to upgrade to this version. If upgrading immediately is not possible, mitigate risk by restricting network access to the Fleet gRPC endpoint to known host IP ranges, deploying Fleet behind infrastructure that can terminate or filter gRPC traffic if Launcher log ingestion is unnecessary, and monitoring for repeated Fleet process crashes or unexpected restarts that may indicate exploitation attempts.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-02-10T18:01:31.900Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a062489ec166c07b00b4bc4
Added to database: 5/14/2026, 7:37:45 PM
Last enriched: 5/14/2026, 7:53:35 PM
Last updated: 5/15/2026, 6:29:49 AM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.