GHSA-9pm7-6g36-6j78: Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint
medium vulnerability
security
Summary
Fleet, a device management system, has a vulnerability in its Android MDM (mobile device management, software that controls Android phones) Pub/Sub endpoint that allows attackers to unenroll Android devices without authentication. An attacker could send a specially crafted request to remove a targeted Android device from Fleet management, though this does not give access to Fleet itself, allow command execution, or reveal device data.
Solution / Mitigation
Upgrade Fleet to a patched version. If an immediate upgrade is not possible, temporarily disable Android MDM as a workaround.
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 0.1%
Classification
Attack Sophistication: Trivial
Affected Packages
github.com/fleetdm/fleet/v4: versions < 4.80.1 (fixed: 4.80.1)
Original source: https://github.com/advisories/GHSA-9pm7-6g36-6j78
First tracked: February 26, 2026 at 03:00 PM
Classified by LLM (prompt v3) · confidence: 95%