GHSA-v895-833r-8c45: Fleet's Apple MDM profile delivery has second-order SQL Injection that can compromise the database
Summary
Fleet's Apple MDM profile delivery system has a critical second-order SQL injection vulnerability: user input is stored safely at first, but is later read back and inserted directly into SQL text without parameterization. An attacker with an enrolled device can use it to read or modify sensitive database contents such as password hashes and API tokens. The vulnerability affects only Fleet instances where Apple MDM is enabled, and exploitation requires a valid MDM enrollment certificate.
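The pattern described above, as an added illustration that is not Fleet's code: a device-supplied value is stored with a bound parameter (stage one, safe on its own), later read back and spliced into a second query by string formatting (stage two, where the stored value is treated as SQL), shown beside the parameterized form that closes the hole. The table and column names, the sample hostnames and the SQLite backing store are all constructed for this example; the defect is shown with an ordinary hostname containing an apostrophe rather than with an attack string.

```python
import sqlite3

# Constructed, self-contained illustration of a second-order SQL injection
# pattern and its parameterized fix. This is NOT Fleet's code; the tables
# (devices, profiles) and sample values are hypothetical.


def make_db() -> sqlite3.Connection:
    """In-memory database: one table of enrolled devices, one of profile assignments."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE devices  (udid TEXT PRIMARY KEY, hostname TEXT NOT NULL);
        CREATE TABLE profiles (hostname TEXT NOT NULL, profile_id TEXT NOT NULL);
        """
    )
    return conn


def enroll_device(conn: sqlite3.Connection, udid: str, hostname: str) -> None:
    """Stage 1: the device-supplied hostname is stored with a bound parameter.

    This step is safe by itself. The danger of a second-order injection is that
    the value now looks 'trusted' because it came out of our own database."""
    conn.execute("INSERT INTO devices (udid, hostname) VALUES (?, ?)", (udid, hostname))
    conn.commit()


def _stored_hostname(conn: sqlite3.Connection, udid: str) -> str:
    row = conn.execute("SELECT hostname FROM devices WHERE udid = ?", (udid,)).fetchone()
    if row is None:
        raise KeyError(f"unknown device {udid}")
    return row[0]


def profiles_for_device_vulnerable(conn: sqlite3.Connection, udid: str) -> list[str]:
    """Stage 2 (vulnerable): the stored hostname is formatted into the SQL text.

    Any quote or operator inside the stored value reaches the SQL parser as
    code, so the first safe INSERT did not protect this later query at all."""
    hostname = _stored_hostname(conn, udid)
    query = f"SELECT profile_id FROM profiles WHERE hostname = '{hostname}'"
    return [row[0] for row in conn.execute(query)]


def profiles_for_device_fixed(conn: sqlite3.Connection, udid: str) -> list[str]:
    """Stage 2 (hardened): the value read back is bound as a parameter, exactly
    as it was bound on the way in. Data stays data regardless of its origin."""
    hostname = _stored_hostname(conn, udid)
    return [
        row[0]
        for row in conn.execute(
            "SELECT profile_id FROM profiles WHERE hostname = ?", (hostname,)
        )
    ]


def demo() -> dict:
    """Run both stage-2 variants against a benign and an apostrophe-bearing hostname."""
    conn = make_db()
    conn.execute("INSERT INTO profiles VALUES (?, ?)", ("lab-mac-01", "com.example.wifi"))
    conn.execute("INSERT INTO profiles VALUES (?, ?)", ("O'Brien's MacBook", "com.example.vpn"))
    enroll_device(conn, "UDID-0001", "lab-mac-01")           # constructed sample
    enroll_device(conn, "UDID-0002", "O'Brien's MacBook")    # constructed sample with a quote

    results = {
        "benign_vulnerable": profiles_for_device_vulnerable(conn, "UDID-0001"),
        "benign_fixed": profiles_for_device_fixed(conn, "UDID-0001"),
        "quoted_fixed": profiles_for_device_fixed(conn, "UDID-0002"),
    }
    # The formatted query breaks as soon as the stored value contains a quote:
    # proof that the value is being parsed as SQL rather than compared as data.
    try:
        profiles_for_device_vulnerable(conn, "UDID-0002")
        results["quoted_vulnerable_error"] = False
    except sqlite3.OperationalError:
        results["quoted_vulnerable_error"] = True
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The benign hostname behaves identically under both variants, which is why this class of bug survives testing: nothing looks wrong until a stored value carries SQL metacharacters. A code review check that catches it is to treat every value read from the database as untrusted input and require bound parameters on every query that uses it, not only on the query that first stored it.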
Solution / Mitigation
Affected Fleet users who cannot upgrade immediately should temporarily disable Apple MDM. (The source does not name a fixed version or updated release.)
Vulnerability Details
EPSS: 0.0%
March 30, 2026
Original source: https://github.com/advisories/GHSA-v895-833r-8c45
First tracked: March 30, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 95%