Fleet has a JWT signature bypass vulnerability in Azure AD...

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Fleet is open source device management software. In versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, a vulnerability in Fleet's Windows MDM enrollment flow could allow an attacker to submit forged authentication tokens that are not properly validated. Because JWT signatures were not verified, Fleet could accept attacker-controlled identity claims, enabling enrollment of unauthorized devices under arbitrary Azure AD user identities. Versions 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3 fix the issue. If an immediate upgrade is not possible, affected Fleet users should temporarily disable Windows MDM.

Basic Information

ID CVE-2026-23518

Source GitHub_M

Published Jan 21, 2026 at 21:50

Modified Jan 22, 2026 at 16:49

Affected Product

Vendor fleetdm

Product fleet

Version >= 4.78.0, < 4.78.3

Affected Versions fleetdm fleet >= 4.78.0, < 4.78.3
fleetdm fleet >= 4.77.0, < 4.77.1
fleetdm fleet >= 4.76.0, < 4.76.2
fleetdm fleet >= 4.75.0, < 4.75.2
fleetdm fleet < 4.53.3

CWE Classification

CWE-347

References

{
    "lastseen": "",
    "description": "Fleet is open source device management software. In versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, a vulnerability in Fleet's Windows MDM enrollment flow could allow an attacker to submit forged authentication tokens that are not properly validated. Because JWT signatures were not verified, Fleet could accept attacker-controlled identity claims, enabling enrollment of unauthorized devices under arbitrary Azure AD user identities. Versions 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3 fix the issue. If an immediate upgrade is not possible, affected Fleet users should temporarily disable Windows MDM.",
    "published": "2026-01-21T21:50:47.998Z",
    "modified": "2026-01-22T16:49:50.477Z",
    "type": "cve",
    "title": "Fleet has a JWT signature bypass vulnerability in Azure AD MDM enrollment",
    "source": "GitHub_M",
    "references": "https://github.com/fleetdm/fleet/security/advisories/GHSA-63m5-974w-448v\nhttps://github.com/fleetdm/fleet/commit/e225ef57912c8f4ac8977e24b5ebe1d9fd875257",
    "id": "CVE-2026-23518",
    "bulletinFamily": "",
    "cwe": [
        "CWE-347"
    ],
    "cvelist": null,
    "sourceData": "fleetdm fleet >= 4.78.0, < 4.78.3\nfleetdm fleet >= 4.77.0, < 4.77.1\nfleetdm fleet >= 4.76.0, < 4.76.2\nfleetdm fleet >= 4.75.0, < 4.75.2\nfleetdm fleet < 4.53.3",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "fleet",
    "version": ">= 4.78.0, < 4.78.3",
    "vendor": "fleetdm",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Fleet has a JWT signature bypass vulnerability in Azure AD MDM enrollment_CVE-2026-23518