CVE-2026-34388

Fleet vulnerable to Denial of Service via unhandled gRPC log type in launcher endpoint

Description

Fleet is open source device management software. Prior to 4.81.0, a denial-of-service vulnerability in Fleet's gRPC Launcher endpoint allows an authenticated host to crash the entire Fleet server process by sending an unexpected log type value. The server terminates immediately, disrupting all connected hosts, MDM enrollments, and API consumers. Version 4.81.0 patches the issue.

INFO

Published Date :

2026-03-27T19:13:00.388Z

Last Modified :

2026-03-27T19:13:00.388Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2026-34388 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-34388.

URL	Resource
https://github.com/fleetdm/fleet/security/advisories/GHSA-w254-4hp5-7cvv

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability