GHSA-9p23-p2m4-2r4m: Fleet vulnerable to SQL Injection in MDM bootstrap package by authenticated team or global admin
Summary
Fleet has a SQL injection vulnerability (a class of flaw where specially crafted input causes the database to run unintended commands) in its MDM bootstrap package handling (the setup files delivered during mobile device management enrollment). An authenticated team or global admin can exploit it to corrupt data across teams, read sensitive information such as password hashes and API tokens, and potentially escalate their privileges. Only instances with Apple MDM enabled are affected.
Solution / Mitigation
Affected Fleet users should upgrade to a patched version. If an immediate upgrade is not possible, temporarily disabling Apple MDM or restricting who holds admin roles reduces exposure until the upgrade can be applied.
Vulnerability Details
EPSS: 0.0%
March 30, 2026
Original source: https://github.com/advisories/GHSA-9p23-p2m4-2r4m
First tracked: March 30, 2026 at 08:00 PM