CVE-2026-26062: Fleet server may terminate unexpectedly when handling certain gRPC requests

May 14, 2026

Fleet contained a denial-of-service (DoS) issue in the gRPC Launcher PublishLogs endpoint. In affected versions, certain unexpected input values were not handled gracefully, which could cause the Fleet server process to terminate while processing an authenticated request from an enrolled Launcher host.

References

github.com/advisories/GHSA-x67p-9m2r-fxqv
github.com/fleetdm/fleet/releases/tag/fleet-v4.81.0
github.com/fleetdm/fleet/security/advisories/GHSA-x67p-9m2r-fxqv
nvd.nist.gov/vuln/detail/CVE-2026-26062

Code Behaviors & Features

Detect and mitigate CVE-2026-26062 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →