Platform
linux
Component
fleetdm/fleet
Fixed in
4.81.2
Fleet is open-source device management software. A command injection vulnerability has been identified in the Orbit agent's FileVault disk encryption key rotation process, affecting version 4.81.0 (the affected range is given as 4.81.0 through 4.81.0). A local, unprivileged user can inject arbitrary Tcl commands into the script Orbit executes during rotation and thereby escalate to root. The vulnerability is resolved in version 4.81.1, and users are advised to upgrade promptly.
An unprivileged local user who can reach the rotation flow gains root on the device running Orbit, which allows arbitrary command execution with the highest privileges on that endpoint. Because the flaw is in the agent rather than the server, the compromise is of the affected device, not the Fleet server itself. From root the attacker could modify system configuration, read sensitive data held on the device, install malware, or disrupt services. The impact is particularly severe where Fleet manages devices that hold sensitive data or access to critical infrastructure.
CVE-2026-27806 was published on 2026-04-08 with a CVSS score of 7.8 (HIGH). Exploitation requires local access, but the outcome is root privilege, so the flaw is serious on any shared or multi-user device. Monitor security advisories and threat intelligence feeds for signs of active exploitation campaigns.
Exploit status
EPSS
0.01% (2nd percentile)
CISA SSVC
The primary mitigation is to upgrade Fleet, including the Orbit agent deployed to managed devices, to version 4.81.1 or later. If upgrading is not immediately possible, restrict the FileVault key rotation flow to trusted users only, keep untrusted input out of any Tcl script that runs as root (or, at minimum, validate input and reject strings containing Tcl metacharacters), and monitor system logs for unexpected commands or child processes spawned during key rotation. After upgrading, confirm the fix by re-running the rotation with an input that contains Tcl metacharacters; the injected commands should no longer execute.
Upgrade to version 4.81.1 or later to mitigate the vulnerability. This update fixes the Tcl command injection by properly validating user input before executing scripts.
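To make the bug class described above concrete, here is an added Go example written for this page; it is not Fleet or Orbit source code. It assumes a rotation script shaped like an expect session around fdesetup, a prompt string, and an environment variable named FDE_USER_PASSWORD, all of which are hypothetical. It shows how a password interpolated into Tcl source becomes a command that runs with the script's privileges, a builder that keeps user data out of the script text entirely, and the metacharacter screen that the mitigation paragraph recommends as a fallback on unpatched hosts.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed illustration of the bug class on this page: untrusted input
// spliced into a Tcl/expect script that runs as root during disk encryption
// key rotation. This is NOT Fleet or Orbit code; the script text, the prompt
// string and the fdesetup invocation are assumptions for the example.

const envVar = "FDE_USER_PASSWORD" // hypothetical variable name

// buildRotationScriptVulnerable interpolates the caller-supplied password into
// the script source. Tcl substitutes commands ([...]), variables ($...) and
// backslashes inside a double-quoted word, and a stray '"' followed by ';'
// terminates the command, so a crafted password becomes Tcl code.
func buildRotationScriptVulnerable(password string) string {
	return fmt.Sprintf(`spawn /usr/bin/fdesetup changerecovery -personal
expect "Enter the password for user"
send "%s\r"
expect eof
`, password)
}

// buildRotationScriptHardened keeps the script text constant. The secret is
// handed to the expect process in its environment and read with $env(NAME);
// Tcl substitution is a single pass, so nothing inside the value is parsed as
// code. "send --" also stops a value beginning with '-' being read as a flag.
func buildRotationScriptHardened() (script, envName string) {
	script = `spawn /usr/bin/fdesetup changerecovery -personal
expect "Enter the password for user"
send -- "$env(` + envVar + `)\r"
expect eof
`
	return script, envVar
}

// containsTclMetachars is a screening check: it reports whether s contains a
// character Tcl treats specially in a quoted word or that would close a braced
// word. The hardened builder does not need it for correctness, but it is a
// cheap tripwire for logging attempts against hosts that are not yet patched.
func containsTclMetachars(s string) bool {
	return strings.ContainsAny(s, "[]$\\\"{};\r\n")
}

// scriptContainsUserData reports whether untrusted text leaked into a script,
// the property the hardened builder must guarantee never holds.
func scriptContainsUserData(script, userData string) bool {
	return userData != "" && strings.Contains(script, userData)
}

func main() {
	// Constructed malicious input: closes the send argument, runs a command,
	// then reopens a quoted word so the script still parses.
	malicious := `x"; exec touch /tmp/pwned; send "`

	fmt.Println("--- vulnerable: password became Tcl code ---")
	fmt.Print(buildRotationScriptVulnerable(malicious))

	script, name := buildRotationScriptHardened()
	fmt.Printf("--- hardened: script is constant, secret read from %s ---\n", name)
	fmt.Print(script)

	fmt.Println("metacharacter screen flags the input:", containsTclMetachars(malicious))
	fmt.Println("user data present in hardened script:", scriptContainsUserData(script, malicious))
}
```

Run it with `go run` to see the two scripts side by side: the vulnerable one contains `exec touch /tmp/pwned` as a separate Tcl command, while the hardened one is byte-for-byte identical regardless of the password. Passing the secret through the environment of a root-owned child process keeps it off the command line and out of the script file; piping it on stdin would work equally well, the essential property being that user data never reaches the Tcl parser as source text.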
CVE-2026-27806 is a Command Injection vulnerability in Fleet's Orbit agent. It allows a local user to inject commands into a script executed with root privileges during FileVault key rotation, potentially leading to privilege escalation.
You are affected if you are using Fleet version 4.81.0 or earlier. Versions prior to 4.81.1 are vulnerable to this Command Injection flaw.
Upgrade Fleet to version 4.81.1 to resolve this vulnerability. This version includes a fix that prevents the command injection.
CVSS vector