CVE-2026-34388 — HIGH (7.5)

Q: How severe is CVE-2026-34388?

CVE-2026-34388 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-34388?

Check the references section above for vendor advisories and patch information. Affected products include: Fleetdm Fleet.

Vulnerability Description

Fleet is open source device management software. Prior to 4.81.0, a denial-of-service vulnerability in Fleet's gRPC Launcher endpoint allows an authenticated host to crash the entire Fleet server process by sending an unexpected log type value. The server terminates immediately, disrupting all connected hosts, MDM enrollments, and API consumers. Version 4.81.0 patches the issue.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Fleetdm	Fleet	< 4.81.0

Related Weaknesses (CWE)

CWE-703

References

https://github.com/fleetdm/fleet/security/advisories/GHSA-w254-4hp5-7cvvVendor Advisory

FAQ

What is CVE-2026-34388?

CVE-2026-34388 is a vulnerability with a CVSS score of 7.5 (HIGH). Fleet is open source device management software. Prior to 4.81.0, a denial-of-service vulnerability in Fleet's gRPC Launcher endpoint allows an authenticated host to crash the entire Fleet server proc...

How severe is CVE-2026-34388?

CVE-2026-34388 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-34388?

Check the references section above for vendor advisories and patch information. Affected products include: Fleetdm Fleet.