CVE-2026-26061

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-26061

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-26061.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-26061

Aliases

Downstream

SUSE-SU-2026:1205-1

Related

SUSE-SU-2026:1205-1

Published

2026-03-27T18:23:49.791Z

Modified

2026-04-10T05:40:54.672135Z

Severity

8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator

Summary

Fleet's unbounded request body read allows remote Denial of Service

Details

Fleet is open source device management software. Prior to 4.81.0, Fleet contained multiple unauthenticated HTTP endpoints that read request bodies without enforcing a size limit. An unauthenticated attacker could exploit this behavior by sending large or repeated HTTP payloads, causing excessive memory allocation and resulting in a denial-of-service (DoS) condition. Version 4.81.0 patches the issue.

Database specific

{
    "cwe_ids": [
        "CWE-770"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/26xxx/CVE-2026-26061.json",
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/fleetdm/fleet

Affected ranges

Type

GIT

Repo

https://github.com/fleetdm/fleet

Events

Introduced

Fixed

9dbcc38ce1046074ac230804f32ae1689026041f

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.81.0"
        }
    ]
}

Affected versions

1.*

1.0.0

1.0.0-rc1

1.0.0-rc2

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

2.*

2.0.0

2.0.0-rc1

2.0.0-rc2

2.0.0-rc3

2.0.0-rc4

2.0.0-rc5

2.0.1

2.0.2

2.1.0

2.1.1

2.1.2

2.2.0

2.3.0

2.4.0

2.5.0

2.6.0

3.*

3.0.0

3.1.0

3.10.0

3.10.1

3.11.0

3.12.0

3.13.0

3.2.0

3.3.0

3.4.0

3.5.0

3.5.1

3.6.0

3.7.0

3.7.1

3.7.2

3.7.3

3.8.0

3.9.0

fleet-v4.*

fleet-v4.10.0

fleet-v4.11.0

fleet-v4.12.0

fleet-v4.13.0

fleet-v4.14.0

fleet-v4.15.0

fleet-v4.16.0

fleet-v4.17.0

fleet-v4.18.0

fleet-v4.19.0

fleet-v4.2.0

fleet-v4.2.2

fleet-v4.20.0

fleet-v4.22.0

fleet-v4.23.0

fleet-v4.24.0

fleet-v4.25.0

fleet-v4.26.0

fleet-v4.27.0

fleet-v4.28.0

fleet-v4.29.0

fleet-v4.3.0

fleet-v4.3.1

fleet-v4.30.0

fleet-v4.31.0

fleet-v4.32.0

fleet-v4.33.0

fleet-v4.34.0

fleet-v4.35.0

fleet-v4.36.0

fleet-v4.37.0

fleet-v4.38.0

fleet-v4.39.0

fleet-v4.4.0

fleet-v4.40.0

fleet-v4.41.0

fleet-v4.43.0

fleet-v4.45.0

fleet-v4.47.0

fleet-v4.48.0

fleet-v4.49.0

fleet-v4.5.0

fleet-v4.50.0

fleet-v4.51.0

fleet-v4.6.0

fleet-v4.6.1

fleet-v4.7.0

fleet-v4.8.0

Other

fleetctl-docker-deps-20260113

fleetctl-docker-deps-20260129

orbit-test-build

fleetctl-docker-deps-v4.*

fleetctl-docker-deps-v4.60.0

fleetctl-docker-deps-v4.76.1

fleetd-android-v1.*

fleetd-android-v1.0.0

fleetd-chrome-v1.*

fleetd-chrome-v1.1.0-beta

fleetd-chrome-v1.1.1-beta

fleetd-chrome-v1.1.3

fleetd-chrome-v1.1.3-beta

fleetd-chrome-v1.2.0

fleetd-chrome-v1.2.0-beta

fleetd-chrome-v1.2.1-beta

fleetd-chrome-v1.3.0

fleetd-chrome-v1.3.1

orbit-v0.*

orbit-v0.0.11

orbit-v0.0.12

orbit-v0.0.13

orbit-v0.0.4

orbit-v0.0.5

orbit-v0.0.6

orbit-v0.0.7

orbit-v0.0.9

orbit-v1.*

orbit-v1.0.0

orbit-v1.1.0

orbit-v1.10.0

orbit-v1.11.0

orbit-v1.12.0

orbit-v1.12.1

orbit-v1.13.0

orbit-v1.14.0

orbit-v1.15.0

orbit-v1.16.0

orbit-v1.16.0-2

orbit-v1.17.0

orbit-v1.18.0-RC

orbit-v1.18.2

orbit-v1.18.3

orbit-v1.2.0-rc1

orbit-v1.20.0

orbit-v1.3.0

orbit-v1.3.0-rc

orbit-v1.4.0

orbit-v1.4.0-rc

orbit-v1.4.1

orbit-v1.41.0

orbit-v1.42.0

orbit-v1.43.0

orbit-v1.45.0

orbit-v1.48.0

orbit-v1.49.0

orbit-v1.5.0

orbit-v1.50.0

orbit-v1.51.0

orbit-v1.7.0

orbit-v1.8.0

orbit-v1.9.0

orbit-v1.9.1

rc-fleetctl-test-v4.*

rc-fleetctl-test-v4.63.0

tf-mod-addon-bfldf-v1.*

tf-mod-addon-bfldf-v1.1.0

tf-mod-addon-byo-file-carving-target-account-v1.*

tf-mod-addon-byo-file-carving-target-account-v1.0.0

tf-mod-addon-byo-file-carving-target-account-v1.1.0

tf-mod-addon-byo-file-carving-v1.*

tf-mod-addon-byo-file-carving-v1.0.0

tf-mod-addon-byo-file-carving-v1.1.0

tf-mod-addon-byo-firehose-logging-destination-firehose-v1.*

tf-mod-addon-byo-firehose-logging-destination-firehose-v1.0.0

tf-mod-addon-byo-firehose-logging-destination-firehose-v1.1.0

tf-mod-addon-byo-firehose-logging-destination-firehose-v2.*

tf-mod-addon-byo-firehose-logging-destination-firehose-v2.0.0

tf-mod-addon-byo-firehose-logging-destination-firehose-v2.0.1

tf-mod-addon-byo-firehose-logging-destination-firehose-v2.0.2

tf-mod-addon-byo-firehose-logging-destination-firehose-v2.0.3

tf-mod-addon-byo-firehose-logging-destination-target-account-v1.*

tf-mod-addon-byo-firehose-logging-destination-target-account-v1.0.0

tf-mod-addon-byo-firehose-logging-destination-target-account-v1.1.0

tf-mod-addon-byo-kinesis-logging-destination-kinesis-v1.*

tf-mod-addon-byo-kinesis-logging-destination-kinesis-v1.0.0

tf-mod-addon-byo-kinesis-logging-destination-kinesis-v1.0.1

tf-mod-addon-byo-kinesis-logging-destination-target-account-v1.*

tf-mod-addon-byo-kinesis-logging-destination-target-account-v1.0.0

tf-mod-addon-external-vuln-scans-v1.*

tf-mod-addon-external-vuln-scans-v1.0.0

tf-mod-addon-external-vuln-scans-v2.*

tf-mod-addon-external-vuln-scans-v2.0.0

tf-mod-addon-external-vuln-scans-v2.0.1

tf-mod-addon-external-vuln-scans-v2.0.2

tf-mod-addon-external-vuln-scans-v2.1.0

tf-mod-addon-external-vuln-scans-v2.2.0

tf-mod-addon-geolite2-v1.*

tf-mod-addon-geolite2-v1.0.0

tf-mod-addon-logging-alb-v1.*

tf-mod-addon-logging-alb-v1.0.0

tf-mod-addon-logging-alb-v1.0.1

tf-mod-addon-logging-alb-v1.0.2

tf-mod-addon-logging-alb-v1.1.0

tf-mod-addon-logging-alb-v1.1.1

tf-mod-addon-logging-alb-v1.2.0

tf-mod-addon-logging-destination-firehose-v1.*

tf-mod-addon-logging-destination-firehose-v1.0.0

tf-mod-addon-logging-destination-firehose-v1.1.0

tf-mod-addon-logging-destination-firehose-v1.1.1

tf-mod-addon-mdm-v1.*

tf-mod-addon-mdm-v1.0.0

tf-mod-addon-mdm-v1.1.0

tf-mod-addon-mdm-v1.2.0

tf-mod-addon-mdm-v1.2.1

tf-mod-addon-mdm-v1.2.2

tf-mod-addon-mdm-v1.3.0

tf-mod-addon-mdm-v1.4.0

tf-mod-addon-mdm-v1.4.1

tf-mod-addon-mdm-v1.5.0

tf-mod-addon-mdm-v2.*

tf-mod-addon-mdm-v2.0.0

tf-mod-addon-mdmproxy-v1.*

tf-mod-addon-mdmproxy-v1.0.0

tf-mod-addon-mdmproxy-v1.0.1

tf-mod-addon-migrations-v1.*

tf-mod-addon-migrations-v1.0.0

tf-mod-addon-migrations-v2.*

tf-mod-addon-migrations-v2.0.0

tf-mod-addon-migrations-v2.0.1

tf-mod-addon-monitoring-v1.*

tf-mod-addon-monitoring-v1.0.0

tf-mod-addon-monitoring-v1.1.0

tf-mod-addon-monitoring-v1.1.1

tf-mod-addon-monitoring-v1.1.2

tf-mod-addon-monitoring-v1.1.3

tf-mod-addon-monitoring-v1.2.0

tf-mod-addon-monitoring-v1.3.0

tf-mod-addon-monitoring-v1.4.0

tf-mod-addon-monitoring-v1.4.1

tf-mod-addon-monitoring-v1.5.0

tf-mod-addon-monitoring-v1.5.1

tf-mod-addon-osquery-carve-split-account-osquery-carve-v1.*

tf-mod-addon-osquery-carve-split-account-osquery-carve-v1.0.0

tf-mod-addon-osquery-carve-split-account-osquery-carve-v1.1.0

tf-mod-addon-osquery-carve-split-account-split-account-v1.*

tf-mod-addon-osquery-carve-split-account-split-account-v1.0.0

tf-mod-addon-osquery-carve-split-account-split-account-v1.1.0

tf-mod-addon-osquery-carve-v1.*

tf-mod-addon-osquery-carve-v1.0.0

tf-mod-addon-osquery-carve-v1.0.1

tf-mod-addon-osquery-carve-v1.1.0

tf-mod-addon-osquery-perf-v1.*

tf-mod-addon-osquery-perf-v1.0.0

tf-mod-addon-saml-auth-proxy-v1.*

tf-mod-addon-saml-auth-proxy-v1.0.0

tf-mod-addon-saml-auth-proxy-v1.1.0

tf-mod-addon-saml-auth-proxy-v1.2.0

tf-mod-addon-saml-auth-proxy-v1.3.0

tf-mod-addon-ses-v1.*

tf-mod-addon-ses-v1.0.0

tf-mod-addon-ses-v1.1.0

tf-mod-addon-ses-v1.2.0

tf-mod-addon-vuln-processing-v1.*

tf-mod-addon-vuln-processing-v1.0.0

tf-mod-addon-vuln-processing-v1.1.0

tf-mod-addon-waf-alb-v1.*

tf-mod-addon-waf-alb-v1.0.0

tf-mod-addon-waf-alb-v2.*

tf-mod-addon-waf-alb-v2.0.0

tf-mod-byo-db-v1.*

tf-mod-byo-db-v1.0.0

tf-mod-byo-db-v1.1.0

tf-mod-byo-db-v1.2.0

tf-mod-byo-db-v1.3.0

tf-mod-byo-db-v1.3.1

tf-mod-byo-db-v1.3.2

tf-mod-byo-db-v1.4.0

tf-mod-byo-db-v1.5.0

tf-mod-byo-db-v1.5.1

tf-mod-byo-db-v1.6.0

tf-mod-byo-db-v1.7.0

tf-mod-byo-db-v1.7.1

tf-mod-byo-db-v1.8.0

tf-mod-byo-db-v1.9.0

tf-mod-byo-ecs-v1.*

tf-mod-byo-ecs-v1.0.0

tf-mod-byo-ecs-v1.1.0

tf-mod-byo-ecs-v1.2.0

tf-mod-byo-ecs-v1.3.0

tf-mod-byo-ecs-v1.4.0

tf-mod-byo-ecs-v1.4.1

tf-mod-byo-ecs-v1.5.0

tf-mod-byo-ecs-v1.6.0

tf-mod-byo-ecs-v1.6.1

tf-mod-byo-ecs-v1.7.0

tf-mod-byo-ecs-v1.8.0

tf-mod-byo-ecs-v1.8.1

tf-mod-byo-vpc-v1.*

tf-mod-byo-vpc-v1.0.0

tf-mod-byo-vpc-v1.1.0

tf-mod-byo-vpc-v1.10.0

tf-mod-byo-vpc-v1.10.1

tf-mod-byo-vpc-v1.11.0

tf-mod-byo-vpc-v1.12.0

tf-mod-byo-vpc-v1.12.1

tf-mod-byo-vpc-v1.2.0

tf-mod-byo-vpc-v1.3.0

tf-mod-byo-vpc-v1.4.0

tf-mod-byo-vpc-v1.5.0

tf-mod-byo-vpc-v1.6.0

tf-mod-byo-vpc-v1.6.1

tf-mod-byo-vpc-v1.7.0

tf-mod-byo-vpc-v1.7.1

tf-mod-byo-vpc-v1.8.0

tf-mod-byo-vpc-v1.8.1

tf-mod-byo-vpc-v1.8.2

tf-mod-byo-vpc-v1.8.3

tf-mod-byo-vpc-v1.9.0

tf-mod-root-v1.*

tf-mod-root-v1.0.0

tf-mod-root-v1.1.0

tf-mod-root-v1.1.1

tf-mod-root-v1.10.0

tf-mod-root-v1.11.0

tf-mod-root-v1.11.1

tf-mod-root-v1.2.0

tf-mod-root-v1.3.0

tf-mod-root-v1.4.0

tf-mod-root-v1.5.0

tf-mod-root-v1.5.1

tf-mod-root-v1.6.0

tf-mod-root-v1.6.1

tf-mod-root-v1.7.0

tf-mod-root-v1.7.1

tf-mod-root-v1.7.2

tf-mod-root-v1.7.3

tf-mod-root-v1.8.0

tf-mod-root-v1.9.0

tf-mod-root-v1.9.1

tf-mod-root-v1.9.2

v0.*

v0.0.4

v0.0.5

v0.0.6

v0.0.7

v4.*

v4.0.0

v4.0.0-rc3

v4.0.1

v4.1.0

v4.28.0

v4.36.0

v4.37.0

v4.43.4

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-26061.json"