GHSA-5jvp-m9h4-253h: Fleet: Authorization Bypass in certificate template batch deletion for team administrators
Summary
Fleet, a device management system, had a broken authorization check (a failure to properly verify permissions) in its certificate template deletion feature that allowed a team administrator to delete certificate templates belonging to other teams. This could disrupt certificate-based services like device enrollment and Wi-Fi authentication for other teams, though it didn't allow attackers to access sensitive data or take control of Fleet's main systems.
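The class of check this advisory concerns, as an added example (not Fleet's code, and not a reconstruction of the actual fix): a batch delete that authorizes every template against the team that owns it before removing anything. The `Template`, `User` and `BatchDelete` names and the in-memory store are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical types for illustration; not Fleet's data model.
type Template struct {
	ID     uint
	TeamID uint
}

type User struct {
	AdminOfTeams map[uint]bool // teams this user administers
	GlobalAdmin  bool
}

var ErrForbidden = errors.New("forbidden")

// BatchDelete removes the templates named in ids from store, but only if the
// caller administers the owning team of every one of them. Authorization is
// decided from the stored TeamID, never from a team ID sent in the request,
// and nothing is deleted unless the whole batch passes.
func BatchDelete(u User, store map[uint]Template, ids []uint) error {
	for _, id := range ids {
		t, ok := store[id]
		if !ok {
			// Same error as for another team's template, so the
			// response does not reveal which IDs exist.
			return ErrForbidden
		}
		if !u.GlobalAdmin && !u.AdminOfTeams[t.TeamID] {
			return ErrForbidden
		}
	}
	for _, id := range ids {
		delete(store, id)
	}
	return nil
}

func main() {
	// Constructed sample data: templates 1 and 2 belong to team 10, 3 to team 20.
	store := map[uint]Template{1: {1, 10}, 2: {2, 10}, 3: {3, 20}}
	teamAdmin := User{AdminOfTeams: map[uint]bool{10: true}}
	fmt.Println(BatchDelete(teamAdmin, store, []uint{1, 3}), len(store))
	fmt.Println(BatchDelete(teamAdmin, store, []uint{1, 2}), len(store))
}
```

A mixed batch is rejected as a whole, so one permitted ID cannot carry another team's template through with it.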
Solution / Mitigation
Upgrade to v4.80.1. If an immediate upgrade is not possible, administrators should restrict access to certificate template management to trusted users and avoid delegating team administrator permissions where not strictly required.
Vulnerability Details
EPSS: 0.0%
Original source: https://github.com/advisories/GHSA-5jvp-m9h4-253h
First tracked: February 26, 2026 at 03:00 PM