Fleet Windows MDM endpoint has a Cross-site Scripting vulnerability

5.5 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

Description

fleetdm/fleet is open source device management software. Prior to versions 4.78.2, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, if Windows MDM is enabled, an unauthenticated attacker can exploit this XSS vulnerability to steal a Fleet administrator's authentication token (FLEET::auth_token) from localStorage. This could allow unauthorized access to Fleet, including administrative access, visibility into device data, and modification of configuration. Versions 4.78.2, 4.77.1, 4.76.2, 4.75.2, and 4.53.3 fix the issue. If an immediate upgrade is not possible, affected Fleet users should temporarily disable Windows MDM.

Basic Information

ID CVE-2026-22808

Source GitHub_M

Published Jan 21, 2026 at 21:18

Modified Jan 22, 2026 at 16:50

Affected Product

Vendor fleetdm

Product fleet

Version >= 4.78.0, < 4.78.2

Affected Versions fleetdm fleet >= 4.78.0, < 4.78.2
fleetdm fleet >= 4.77.0, < 4.77.1
fleetdm fleet >= 4.76.0, < 4.76.2
fleetdm fleet < 4.53.3

CWE Classification

CWE-79

References

github.com /fleetdm/fleet/security/advisories/GHSA-gfpw-jgvr-cw4j

{
    "lastseen": "",
    "description": "fleetdm/fleet is open source device management software. Prior to versions 4.78.2, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, if Windows MDM is enabled, an unauthenticated attacker can exploit this XSS vulnerability to steal a Fleet administrator's authentication token (FLEET::auth_token) from localStorage. This could allow unauthorized access to Fleet, including administrative access, visibility into device data, and modification of configuration. Versions 4.78.2, 4.77.1, 4.76.2, 4.75.2, and 4.53.3 fix the issue. If an immediate upgrade is not possible, affected Fleet users should temporarily disable Windows MDM.",
    "published": "2026-01-21T21:18:26.283Z",
    "modified": "2026-01-22T16:50:28.717Z",
    "type": "cve",
    "title": "Fleet Windows MDM endpoint has a Cross-site Scripting vulnerability",
    "source": "GitHub_M",
    "references": "https://github.com/fleetdm/fleet/security/advisories/GHSA-gfpw-jgvr-cw4j",
    "id": "CVE-2026-22808",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "fleetdm fleet >= 4.78.0, < 4.78.2\nfleetdm fleet >= 4.77.0, < 4.77.1\nfleetdm fleet >= 4.76.0, < 4.76.2\nfleetdm fleet < 4.53.3",
    "sourceHref": "",
    "cvss": {
        "score": 5.5,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "fleet",
    "version": ">= 4.78.0, < 4.78.2",
    "vendor": "fleetdm",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Fleet Windows MDM endpoint has a Cross-site Scripting vulnerability_CVE-2026-22808