{"id":"CVE-2026-34385","summary":"Fleet's Apple MDM profile delivery has second-order SQL injection that can compromise the database","details":"Fleet is open source device management software. Prior to 4.81.0, a second-order SQL injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an attacker with a valid MDM enrollment certificate to exfiltrate or modify the contents of the Fleet database, including user credentials, API tokens, and device enrollment secrets. Version 4.81.0 patches the issue.","aliases":["GHSA-v895-833r-8c45","GO-2026-4914"],"modified":"2026-04-10T05:43:01.425593Z","published":"2026-03-27T18:29:05.556Z","related":["SUSE-SU-2026:1205-1"],"database_specific":{"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/34xxx/CVE-2026-34385.json","cwe_ids":["CWE-89"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/34xxx/CVE-2026-34385.json"},{"type":"ADVISORY","url":"https://github.com/fleetdm/fleet/security/advisories/GHSA-v895-833r-8c45"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34385"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/fleetdm/fleet","events":[{"introduced":"0"},{"fixed":"9dbcc38ce1046074ac230804f32ae1689026041f"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"4.81.0"}]}}],"versions":["1.0.0","1.0.0-rc1","1.0.0-rc2","1.0.1","1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","2.0.0","2.0.0-rc1","2.0.0-rc2","2.0.0-rc3","2.0.0-rc4","2.0.0-rc5","2.0.1","2.0.2","2.1.0","2.1.1","2.1.2","2.2.0","2.3.0","2.4.0","2.5.0","2.6.0","3.0.0","3.1.0","3.10.0","3.10.1","3.11.0","3.12.0","3.13.0","3.2.0","3.3.0","3.4.0","3.5.0","3.5.1","3.6.0","3.7.0","3.7.1","3.7.2","3.7.3","3.8.0","3.9.0","fleet-v4.10.0","fleet-v4.11.0","fleet-v4.12.0","fleet-v4.13.0","fleet-v4.14.0","fleet-v4.15.0","fleet-v4.16.0","fleet-v4.17.0","fleet-v4.18.0","fleet-v4.19.0","fleet-v4.2.0","fleet-v4.2.2","fleet-v4.20.0","fleet-v4.22.0","fleet-v4.23.0","fleet-v4.24.0","fleet-v4.25.0","fleet-v4.26.0","fleet-v4.27.0","fleet-v4.28.0","fleet-v4.29.0","fleet-v4.3.0","fleet-v4.3.1","fleet-v4.30.0","fleet-v4.31.0","fleet-v4.32.0","fleet-v4.33.0","fleet-v4.34.0","fleet-v4.35.0","fleet-v4.36.0","fleet-v4.37.0","fleet-v4.38.0","fleet-v4.39.0","fleet-v4.4.0","fleet-v4.40.0","fleet-v4.41.0","fleet-v4.43.0","fleet-v4.45.0","fleet-v4.47.0","fleet-v4.48.0","fleet-v4.49.0","fleet-v4.5.0","fleet-v4.50.0","fleet-v4.51.0","fleet-v4.6.0","fleet-v4.6.1","fleet-v4.7.0","fleet-v4.8.0","fleetctl-docker-deps-20260113","fleetctl-docker-deps-20260129","fleetctl-docker-deps-v4.60.0","fleetctl-docker-deps-v4.76.1","fleetd-android-v1.0.0","fleetd-chrome-v1.1.0-beta","fleetd-chrome-v1.1.1-beta","fleetd-chrome-v1.1.3","fleetd-chrome-v1.1.3-beta","fleetd-chrome-v1.2.0","fleetd-chrome-v1.2.0-beta","fleetd-chrome-v1.2.1-beta","fleetd-chrome-v1.3.0","fleetd-chrome-v1.3.1","orbit-test-build","orbit-v0.0.11","orbit-v0.0.12","orbit-v0.0.13","orbit-v0.0.4","orbit-v0.0.5","orbit-v0.0.6","orbit-v0.0.7","orbit-v0.0.9","orbit-v1.0.0","orbit-v1.1.0","orbit-v1.10.0","orbit-v1.11.0","orbit-v1.12.0","orbit-v1.12.1","orbit-v1.13.0","orbit-v1.14.0","orbit-v1.15.0","orbit-v1.16.0","orbit-v1.16.0-2","orbit-v1.17.0","orbit-v1.18.0-RC","orbit-v1.18.2","orbit-v1.18.3","orbit-v1.2.0-rc1","orbit-v1.20.0","orbit-v1.3.0","orbit-v1.3.0-rc","orbit-v1.4.0","orbit-v1.4.0-rc","orbit-v1.4.1","orbit-v1.41.0","orbit-v1.42.0","orbit-v1.43.0","orbit-v1.45.0","orbit-v1.48.0","orbit-v1.49.0","orbit-v1.5.0","orbit-v1.50.0","orbit-v1.51.0","orbit-v1.7.0","orbit-v1.8.0","orbit-v1.9.0","orbit-v1.9.1","rc-fleetctl-test-v4.63.0","tf-mod-addon-bfldf-v1.1.0","tf-mod-addon-byo-file-carving-target-account-v1.0.0","tf-mod-addon-byo-file-carving-target-account-v1.1.0","tf-mod-addon-byo-file-carving-v1.0.0","tf-mod-addon-byo-file-carving-v1.1.0","tf-mod-addon-byo-firehose-logging-destination-firehose-v1.0.0","tf-mod-addon-byo-firehose-logging-destination-firehose-v1.1.0","tf-mod-addon-byo-firehose-logging-destination-firehose-v2.0.0","tf-mod-addon-byo-firehose-logging-destination-firehose-v2.0.1","tf-mod-addon-byo-firehose-logging-destination-firehose-v2.0.2","tf-mod-addon-byo-firehose-logging-destination-firehose-v2.0.3","tf-mod-addon-byo-firehose-logging-destination-target-account-v1.0.0","tf-mod-addon-byo-firehose-logging-destination-target-account-v1.1.0","tf-mod-addon-byo-kinesis-logging-destination-kinesis-v1.0.0","tf-mod-addon-byo-kinesis-logging-destination-kinesis-v1.0.1","tf-mod-addon-byo-kinesis-logging-destination-target-account-v1.0.0","tf-mod-addon-external-vuln-scans-v1.0.0","tf-mod-addon-external-vuln-scans-v2.0.0","tf-mod-addon-external-vuln-scans-v2.0.1","tf-mod-addon-external-vuln-scans-v2.0.2","tf-mod-addon-external-vuln-scans-v2.1.0","tf-mod-addon-external-vuln-scans-v2.2.0","tf-mod-addon-geolite2-v1.0.0","tf-mod-addon-logging-alb-v1.0.0","tf-mod-addon-logging-alb-v1.0.1","tf-mod-addon-logging-alb-v1.0.2","tf-mod-addon-logging-alb-v1.1.0","tf-mod-addon-logging-alb-v1.1.1","tf-mod-addon-logging-alb-v1.2.0","tf-mod-addon-logging-destination-firehose-v1.0.0","tf-mod-addon-logging-destination-firehose-v1.1.0","tf-mod-addon-logging-destination-firehose-v1.1.1","tf-mod-addon-mdm-v1.0.0","tf-mod-addon-mdm-v1.1.0","tf-mod-addon-mdm-v1.2.0","tf-mod-addon-mdm-v1.2.1","tf-mod-addon-mdm-v1.2.2","tf-mod-addon-mdm-v1.3.0","tf-mod-addon-mdm-v1.4.0","tf-mod-addon-mdm-v1.4.1","tf-mod-addon-mdm-v1.5.0","tf-mod-addon-mdm-v2.0.0","tf-mod-addon-mdmproxy-v1.0.0","tf-mod-addon-mdmproxy-v1.0.1","tf-mod-addon-migrations-v1.0.0","tf-mod-addon-migrations-v2.0.0","tf-mod-addon-migrations-v2.0.1","tf-mod-addon-monitoring-v1.0.0","tf-mod-addon-monitoring-v1.1.0","tf-mod-addon-monitoring-v1.1.1","tf-mod-addon-monitoring-v1.1.2","tf-mod-addon-monitoring-v1.1.3","tf-mod-addon-monitoring-v1.2.0","tf-mod-addon-monitoring-v1.3.0","tf-mod-addon-monitoring-v1.4.0","tf-mod-addon-monitoring-v1.4.1","tf-mod-addon-monitoring-v1.5.0","tf-mod-addon-monitoring-v1.5.1","tf-mod-addon-osquery-carve-split-account-osquery-carve-v1.0.0","tf-mod-addon-osquery-carve-split-account-osquery-carve-v1.1.0","tf-mod-addon-osquery-carve-split-account-split-account-v1.0.0","tf-mod-addon-osquery-carve-split-account-split-account-v1.1.0","tf-mod-addon-osquery-carve-v1.0.0","tf-mod-addon-osquery-carve-v1.0.1","tf-mod-addon-osquery-carve-v1.1.0","tf-mod-addon-osquery-perf-v1.0.0","tf-mod-addon-saml-auth-proxy-v1.0.0","tf-mod-addon-saml-auth-proxy-v1.1.0","tf-mod-addon-saml-auth-proxy-v1.2.0","tf-mod-addon-saml-auth-proxy-v1.3.0","tf-mod-addon-ses-v1.0.0","tf-mod-addon-ses-v1.1.0","tf-mod-addon-ses-v1.2.0","tf-mod-addon-vuln-processing-v1.0.0","tf-mod-addon-vuln-processing-v1.1.0","tf-mod-addon-waf-alb-v1.0.0","tf-mod-addon-waf-alb-v2.0.0","tf-mod-byo-db-v1.0.0","tf-mod-byo-db-v1.1.0","tf-mod-byo-db-v1.2.0","tf-mod-byo-db-v1.3.0","tf-mod-byo-db-v1.3.1","tf-mod-byo-db-v1.3.2","tf-mod-byo-db-v1.4.0","tf-mod-byo-db-v1.5.0","tf-mod-byo-db-v1.5.1","tf-mod-byo-db-v1.6.0","tf-mod-byo-db-v1.7.0","tf-mod-byo-db-v1.7.1","tf-mod-byo-db-v1.8.0","tf-mod-byo-db-v1.9.0","tf-mod-byo-ecs-v1.0.0","tf-mod-byo-ecs-v1.1.0","tf-mod-byo-ecs-v1.2.0","tf-mod-byo-ecs-v1.3.0","tf-mod-byo-ecs-v1.4.0","tf-mod-byo-ecs-v1.4.1","tf-mod-byo-ecs-v1.5.0","tf-mod-byo-ecs-v1.6.0","tf-mod-byo-ecs-v1.6.1","tf-mod-byo-ecs-v1.7.0","tf-mod-byo-ecs-v1.8.0","tf-mod-byo-ecs-v1.8.1","tf-mod-byo-vpc-v1.0.0","tf-mod-byo-vpc-v1.1.0","tf-mod-byo-vpc-v1.10.0","tf-mod-byo-vpc-v1.10.1","tf-mod-byo-vpc-v1.11.0","tf-mod-byo-vpc-v1.12.0","tf-mod-byo-vpc-v1.12.1","tf-mod-byo-vpc-v1.2.0","tf-mod-byo-vpc-v1.3.0","tf-mod-byo-vpc-v1.4.0","tf-mod-byo-vpc-v1.5.0","tf-mod-byo-vpc-v1.6.0","tf-mod-byo-vpc-v1.6.1","tf-mod-byo-vpc-v1.7.0","tf-mod-byo-vpc-v1.7.1","tf-mod-byo-vpc-v1.8.0","tf-mod-byo-vpc-v1.8.1","tf-mod-byo-vpc-v1.8.2","tf-mod-byo-vpc-v1.8.3","tf-mod-byo-vpc-v1.9.0","tf-mod-root-v1.0.0","tf-mod-root-v1.1.0","tf-mod-root-v1.1.1","tf-mod-root-v1.10.0","tf-mod-root-v1.11.0","tf-mod-root-v1.11.1","tf-mod-root-v1.2.0","tf-mod-root-v1.3.0","tf-mod-root-v1.4.0","tf-mod-root-v1.5.0","tf-mod-root-v1.5.1","tf-mod-root-v1.6.0","tf-mod-root-v1.6.1","tf-mod-root-v1.7.0","tf-mod-root-v1.7.1","tf-mod-root-v1.7.2","tf-mod-root-v1.7.3","tf-mod-root-v1.8.0","tf-mod-root-v1.9.0","tf-mod-root-v1.9.1","tf-mod-root-v1.9.2","v0.0.4","v0.0.5","v0.0.6","v0.0.7","v4.0.0","v4.0.0-rc3","v4.0.1","v4.1.0","v4.28.0","v4.36.0","v4.37.0","v4.43.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-34385.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"}]}