Description
Fleet is open source device management software. Prior to version 4.81.0, Fleet contained a denial-of-service (DoS) issue in the gRPC Launcher `PublishLogs` endpoint. In affected versions, certain unexpected input values were not handled gracefully, which could cause the Fleet server process to terminate while processing an authenticated request from an enrolled Launcher host. An authenticated attacker with access to any enrolled Launcher node key could cause an immediate and complete denial of service by sending a single gRPC request to the `PublishLogs` endpoint. This vulnerability impacts availability only. There is no exposure of sensitive data, no authentication bypass, no privilege escalation, and no integrity impact. Version 4.81.0 contains a patch. If upgrading immediately is not possible, the following mitigations can reduce exposure. Restrict network access to the Fleet gRPC endpoint where feasible (for example, limiting inbound access to known host IP ranges); deploy Fleet behind infrastructure that terminates or filters gRPC traffic if Launcher log ingestion is not required; and/or monitor for repeated Fleet process crashes or unexpected restarts indicating potential exploitation.
Published: 2026-05-14
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the gRPC Launcher “PublishLogs” endpoint of the Fleet open source device management software. Certain unexpected input values are not validated, leading to the Fleet server process terminating when an authenticated request is processed. The crash renders the service unavailable, delivering an immediate and complete denial of service. No data is exposed, authentication is not bypassed, privilege is not escalated, and integrity is not affected.

Affected Systems

The issue affects fleetdm: fleet versions prior to 4.81.0. Updating to version 4.81.0 or later removes the problem.

Risk and Exploitability

With a CVSS score of 8.7, this flaw is considered high severity. The exploit requires an authenticated attacker possessing a Launcher node key, but once that is available, a single gRPC request can crash the server. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog, but the high CVSS indicates a serious risk if the conditions are met.

Generated by OpenCVE AI on May 14, 2026 at 20:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official patch by upgrading Fleet to version 4.81.0 or later.
  • Restrict inbound access to the Fleet gRPC endpoint to trusted host IP ranges or networks.
  • If Launcher log ingestion is not needed, configure surrounding infrastructure to terminate or filter gRPC traffic to the Fleet server.
  • Continuously monitor for unexpected Fleet process crashes or restarts and investigate any suspicious activity.

Generated by OpenCVE AI on May 14, 2026 at 20:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-x67p-9m2r-fxqv Fleet server may terminate unexpectedly when handling certain gRPC requests
History

Thu, 14 May 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Fleetdm
Fleetdm fleet
Vendors & Products Fleetdm
Fleetdm fleet

Thu, 14 May 2026 19:30:00 +0000

Type Values Removed Values Added
Description Fleet is open source device management software. Prior to version 4.81.0, Fleet contained a denial-of-service (DoS) issue in the gRPC Launcher `PublishLogs` endpoint. In affected versions, certain unexpected input values were not handled gracefully, which could cause the Fleet server process to terminate while processing an authenticated request from an enrolled Launcher host. An authenticated attacker with access to any enrolled Launcher node key could cause an immediate and complete denial of service by sending a single gRPC request to the `PublishLogs` endpoint. This vulnerability impacts availability only. There is no exposure of sensitive data, no authentication bypass, no privilege escalation, and no integrity impact. Version 4.81.0 contains a patch. If upgrading immediately is not possible, the following mitigations can reduce exposure. Restrict network access to the Fleet gRPC endpoint where feasible (for example, limiting inbound access to known host IP ranges); deploy Fleet behind infrastructure that terminates or filters gRPC traffic if Launcher log ingestion is not required; and/or monitor for repeated Fleet process crashes or unexpected restarts indicating potential exploitation.
Title Fleet server may terminate unexpectedly when handling certain gRPC requests
Weaknesses CWE-20
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Fleetdm Fleet
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-14T19:43:46.038Z

Reserved: 2026-02-10T18:01:31.900Z

Link: CVE-2026-26062

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-14T20:17:02.020

Modified: 2026-05-14T21:24:23.440

Link: CVE-2026-26062

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-14T20:30:04Z

Weaknesses