CNNVD-202601-3337 Information

CNNVD ID

CNNVD-202601-3337

CVE-2026-23518

  • CNNVD Published: 2026-01-21

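Description (translated from Chinese)

Fleet is an open-source device management platform from Fleet. It supports multiple operating systems and devices and helps IT and security teams with device management, vulnerability reporting, MDM and other operations, and it is free and flexible. Fleet has a data forgery vulnerability that stems from JWT signatures not being verified, which may allow an attacker to submit a forged authentication token and register an unauthorized device. The following versions are affected: versions before 4.78.3, before 4.77.1, before 4.76.2, before 4.75.2 and before 4.53.3.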

Description (English)

Fleet is an open-source device management platform from Fleet that supports multiple operating systems and devices and assists IT and security teams with device management, vulnerability reporting, MDM, etc.; it is free of charge and flexible. Fleet contains a data forgery vulnerability caused by an unverified JWT signature, which may let attackers submit forged authentication tokens and register unauthorized devices. Affected versions: those prior to 4.78.3, prior to 4.77.1, prior to 4.76.2, prior to 4.75.2 and prior to 4.53.3.

Hazard Level

Low

Vulnerability Type

Data forgery

Affected Vendor

Fleet

Published

2026-01-21

Last Modified

2026-02-24

References

  • https://github.com/fleetdm/fleet/security/advisories/GHSA-63m5-974w-448v
  • https://github.com/fleetdm/fleet/commit/e225ef57912c8f4ac8977e24b5ebe1d9fd875257
  • https://access.redhat.com/security/cve/cve-2026-23518

Patch

https://github.com/fleetdm/fleet/releases
