Platform
linux
Component
fleetdm/fleet
Fixed in
4.81.2
Fleet is open-source device management software, and a vulnerability has been identified affecting versions 4.81.0 through 4.81.0. This Command Injection flaw within the Orbit agent's FileVault disk encryption key rotation process allows a local, unprivileged user to potentially escalate to root privileges by injecting arbitrary Tcl commands. The vulnerability is resolved in version 4.81.1, and users are advised to upgrade promptly.
Exploit Status
EPSS
0.01% (percentile 2%)
CISA SSVC
Upgrade to version 4.81.1 or later to mitigate the vulnerability. This update fixes the Tcl command injection by properly validating user input before executing scripts.
CVE-2026-27806 is a Command Injection vulnerability in Fleet's Orbit agent. It allows a local user to inject commands into a script executed with root privileges during FileVault key rotation, potentially leading to privilege escalation.
You are affected if you are using Fleet version 4.81.0 or earlier. Versions prior to 4.81.1 are vulnerable to this Command Injection flaw.
Upgrade Fleet to version 4.81.1 to resolve this vulnerability. This version includes a fix that prevents the command injection.
CVSS Vector