GHSA-2rc4-7jc6-qffh: Fleet has a Windows MDM management endpoint authentication bypass
Summary
Fleet, a device management system, had an authentication bypass in its Windows MDM (mobile device management) management endpoint: requests without a proper client certificate (the digital credential that proves a device's identity) were incorrectly accepted as trusted. An attacker who knew a valid device's identifier could impersonate that device and receive sensitive configuration data intended for the real device, such as Wi-Fi passwords or VPN settings.
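The failure mode described in the summary, trusting a request that presents no client certificate, contrasted with a fail-closed check, as an added Go example. This is not Fleet's code; binding the device identifier to the certificate's CommonName, and the names `failOpen`, `failClosed` and `sampleState`, are assumptions made for illustration.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
)

// Assumption: a device's ID is the CommonName of its verified leaf certificate.
var ErrUntrusted = errors.New("untrusted request")

// failOpen models the flawed pattern: the check runs only if a certificate exists.
func failOpen(cs *tls.ConnectionState, claimedID string) error {
	if cs != nil && len(cs.VerifiedChains) > 0 &&
		cs.VerifiedChains[0][0].Subject.CommonName != claimedID {
		return ErrUntrusted
	}
	return nil // no certificate at all falls through as trusted
}

// failClosed requires a verified chain and binds the claimed ID to its leaf.
func failClosed(cs *tls.ConnectionState, claimedID string) error {
	if cs == nil || len(cs.VerifiedChains) == 0 || len(cs.VerifiedChains[0]) == 0 {
		return ErrUntrusted // no verified certificate: reject
	}
	if claimedID == "" || cs.VerifiedChains[0][0].Subject.CommonName != claimedID {
		return ErrUntrusted // certificate does not belong to the claimed device
	}
	return nil
}

// sampleState builds a constructed connection state; cn == "" means no certificate.
func sampleState(cn string) *tls.ConnectionState {
	cs := &tls.ConnectionState{}
	if cn != "" {
		leaf := &x509.Certificate{Subject: pkix.Name{CommonName: cn}}
		cs.VerifiedChains = [][]*x509.Certificate{{leaf}}
	}
	return cs
}

func main() {
	for _, cn := range []string{"", "device-A", "device-B"} {
		cs := sampleState(cn)
		fmt.Printf("cert=%q open=%v closed=%v\n", cn, failOpen(cs, "device-A"), failClosed(cs, "device-A"))
	}
}
```

On a real server `VerifiedChains` is populated only when the TLS configuration verifies client certificates, so the fail-closed check also rejects connections where verification never ran.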
Solution / Mitigation
If an immediate upgrade is not possible, affected Fleet users should temporarily disable Windows MDM.
Vulnerability Details
EPSS: 0.0%
Yes
May 14, 2026
Original source: https://github.com/advisories/GHSA-2rc4-7jc6-qffh
First tracked: May 14, 2026 at 02:00 PM