CVE-2026-23998: Fleet has a Windows MDM management endpoint authentication bypass

May 14, 2026

A vulnerability in Fleet’s Windows MDM management endpoint could allow requests to be processed without proper client certificate validation. In certain circumstances, this could allow an attacker to impersonate an enrolled Windows device and retrieve sensitive configuration data.

References

github.com/advisories/GHSA-2rc4-7jc6-qffh
github.com/fleetdm/fleet/releases/tag/fleet-v4.81.0
github.com/fleetdm/fleet/security/advisories/GHSA-2rc4-7jc6-qffh
nvd.nist.gov/vuln/detail/CVE-2026-23998

Code Behaviors & Features

Detect and mitigate CVE-2026-23998 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →