CVE-2026-27465

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-27465
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-27465.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-27465
Aliases
Published
2026-02-26T02:54:04.886Z
Modified
2026-02-26T19:42:46.375533Z
Severity
  • 1.3 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U CVSS Calculator
Summary
Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users
Details

Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s configuration API could expose Google Calendar service account credentials to authenticated users with low-privilege roles. This may allow unauthorized access to Google Calendar resources associated with the service account. Fleet returns configuration data through an API endpoint that is accessible to authenticated users, including those with the lowest-privilege “Observer” role. In affected versions, Google Calendar service account credentials were not properly obfuscated before being returned. As a result, a low-privilege user could retrieve the service account’s private key material. Depending on how the Google Calendar integration is configured, this could allow unauthorized access to calendar data or other Google Workspace resources associated with the service account. This issue does not allow escalation of privileges within Fleet or access to device management functionality. Version 4.80.1 patches the issue. If an immediate upgrade is not possible, administrators should remove the Google Calendar integration from Fleet and rotate the affected Google service account credentials.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/27xxx/CVE-2026-27465.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-201"
    ]
}
References

Affected packages

Git / github.com/fleetdm/fleet

Affected ranges

Type
GIT
Repo
https://github.com/fleetdm/fleet
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
5c2a408a4ddb0866a8393159fe71abec5f450e6d
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.80.1"
        }
    ]
}

Affected versions

1.*
1.0.0
1.0.0-rc1
1.0.0-rc2
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
2.*
2.0.0
2.0.0-rc1
2.0.0-rc2
2.0.0-rc3
2.0.0-rc4
2.0.0-rc5
2.0.1
2.0.2
2.1.0
2.1.1
2.1.2
2.2.0
2.3.0
2.4.0
2.5.0
2.6.0
3.*
3.0.0
3.1.0
3.10.0
3.10.1
3.11.0
3.12.0
3.13.0
3.2.0
3.3.0
3.4.0
3.5.0
3.5.1
3.6.0
3.7.0
3.7.1
3.7.2
3.7.3
3.8.0
3.9.0
fleet-v4.*
fleet-v4.10.0
fleet-v4.11.0
fleet-v4.12.0
fleet-v4.13.0
fleet-v4.14.0
fleet-v4.15.0
fleet-v4.16.0
fleet-v4.17.0
fleet-v4.18.0
fleet-v4.19.0
fleet-v4.2.0
fleet-v4.2.2
fleet-v4.20.0
fleet-v4.22.0
fleet-v4.23.0
fleet-v4.24.0
fleet-v4.25.0
fleet-v4.26.0
fleet-v4.27.0
fleet-v4.28.0
fleet-v4.29.0
fleet-v4.3.0
fleet-v4.3.1
fleet-v4.30.0
fleet-v4.31.0
fleet-v4.32.0
fleet-v4.33.0
fleet-v4.34.0
fleet-v4.35.0
fleet-v4.36.0
fleet-v4.37.0
fleet-v4.38.0
fleet-v4.39.0
fleet-v4.4.0
fleet-v4.40.0
fleet-v4.41.0
fleet-v4.43.0
fleet-v4.45.0
fleet-v4.47.0
fleet-v4.48.0
fleet-v4.49.0
fleet-v4.5.0
fleet-v4.50.0
fleet-v4.51.0
fleet-v4.6.0
fleet-v4.6.1
fleet-v4.7.0
fleet-v4.8.0
fleet-v4.80.0
Other
fleetctl-docker-deps-20260113
orbit-test-build
fleetctl-docker-deps-v4.*
fleetctl-docker-deps-v4.60.0
fleetctl-docker-deps-v4.76.1
fleetd-android-v1.*
fleetd-android-v1.0.0
fleetd-chrome-v1.*
fleetd-chrome-v1.1.0-beta
fleetd-chrome-v1.1.1-beta
fleetd-chrome-v1.1.3
fleetd-chrome-v1.1.3-beta
fleetd-chrome-v1.2.0
fleetd-chrome-v1.2.0-beta
fleetd-chrome-v1.2.1-beta
fleetd-chrome-v1.3.0
fleetd-chrome-v1.3.1
orbit-v0.*
orbit-v0.0.11
orbit-v0.0.12
orbit-v0.0.13
orbit-v0.0.4
orbit-v0.0.5
orbit-v0.0.6
orbit-v0.0.7
orbit-v0.0.9
orbit-v1.*
orbit-v1.0.0
orbit-v1.1.0
orbit-v1.10.0
orbit-v1.11.0
orbit-v1.12.0
orbit-v1.12.1
orbit-v1.13.0
orbit-v1.14.0
orbit-v1.15.0
orbit-v1.16.0
orbit-v1.16.0-2
orbit-v1.17.0
orbit-v1.18.0-RC
orbit-v1.18.2
orbit-v1.18.3
orbit-v1.2.0-rc1
orbit-v1.20.0
orbit-v1.3.0
orbit-v1.3.0-rc
orbit-v1.4.0
orbit-v1.4.0-rc
orbit-v1.4.1
orbit-v1.41.0
orbit-v1.42.0
orbit-v1.43.0
orbit-v1.45.0
orbit-v1.48.0
orbit-v1.49.0
orbit-v1.5.0
orbit-v1.50.0
orbit-v1.7.0
orbit-v1.8.0
orbit-v1.9.0
orbit-v1.9.1
rc-fleetctl-test-v4.*
rc-fleetctl-test-v4.63.0
tf-mod-addon-bfldf-v1.*
tf-mod-addon-bfldf-v1.1.0
tf-mod-addon-byo-file-carving-target-account-v1.*
tf-mod-addon-byo-file-carving-target-account-v1.0.0
tf-mod-addon-byo-file-carving-target-account-v1.1.0
tf-mod-addon-byo-file-carving-v1.*
tf-mod-addon-byo-file-carving-v1.0.0
tf-mod-addon-byo-file-carving-v1.1.0
tf-mod-addon-byo-firehose-logging-destination-firehose-v1.*
tf-mod-addon-byo-firehose-logging-destination-firehose-v1.0.0
tf-mod-addon-byo-firehose-logging-destination-firehose-v1.1.0
tf-mod-addon-byo-firehose-logging-destination-firehose-v2.*
tf-mod-addon-byo-firehose-logging-destination-firehose-v2.0.0
tf-mod-addon-byo-firehose-logging-destination-firehose-v2.0.1
tf-mod-addon-byo-firehose-logging-destination-firehose-v2.0.2
tf-mod-addon-byo-firehose-logging-destination-firehose-v2.0.3
tf-mod-addon-byo-firehose-logging-destination-target-account-v1.*
tf-mod-addon-byo-firehose-logging-destination-target-account-v1.0.0
tf-mod-addon-byo-firehose-logging-destination-target-account-v1.1.0
tf-mod-addon-byo-kinesis-logging-destination-kinesis-v1.*
tf-mod-addon-byo-kinesis-logging-destination-kinesis-v1.0.0
tf-mod-addon-byo-kinesis-logging-destination-kinesis-v1.0.1
tf-mod-addon-byo-kinesis-logging-destination-target-account-v1.*
tf-mod-addon-byo-kinesis-logging-destination-target-account-v1.0.0
tf-mod-addon-external-vuln-scans-v1.*
tf-mod-addon-external-vuln-scans-v1.0.0
tf-mod-addon-external-vuln-scans-v2.*
tf-mod-addon-external-vuln-scans-v2.0.0
tf-mod-addon-external-vuln-scans-v2.0.1
tf-mod-addon-external-vuln-scans-v2.0.2
tf-mod-addon-external-vuln-scans-v2.1.0
tf-mod-addon-external-vuln-scans-v2.2.0
tf-mod-addon-geolite2-v1.*
tf-mod-addon-geolite2-v1.0.0
tf-mod-addon-logging-alb-v1.*
tf-mod-addon-logging-alb-v1.0.0
tf-mod-addon-logging-alb-v1.0.1
tf-mod-addon-logging-alb-v1.0.2
tf-mod-addon-logging-alb-v1.1.0
tf-mod-addon-logging-alb-v1.1.1
tf-mod-addon-logging-alb-v1.2.0
tf-mod-addon-logging-destination-firehose-v1.*
tf-mod-addon-logging-destination-firehose-v1.0.0
tf-mod-addon-logging-destination-firehose-v1.1.0
tf-mod-addon-logging-destination-firehose-v1.1.1
tf-mod-addon-mdm-v1.*
tf-mod-addon-mdm-v1.0.0
tf-mod-addon-mdm-v1.1.0
tf-mod-addon-mdm-v1.2.0
tf-mod-addon-mdm-v1.2.1
tf-mod-addon-mdm-v1.2.2
tf-mod-addon-mdm-v1.3.0
tf-mod-addon-mdm-v1.4.0
tf-mod-addon-mdm-v1.4.1
tf-mod-addon-mdm-v1.5.0
tf-mod-addon-mdm-v2.*
tf-mod-addon-mdm-v2.0.0
tf-mod-addon-mdmproxy-v1.*
tf-mod-addon-mdmproxy-v1.0.0
tf-mod-addon-mdmproxy-v1.0.1
tf-mod-addon-migrations-v1.*
tf-mod-addon-migrations-v1.0.0
tf-mod-addon-migrations-v2.*
tf-mod-addon-migrations-v2.0.0
tf-mod-addon-migrations-v2.0.1
tf-mod-addon-monitoring-v1.*
tf-mod-addon-monitoring-v1.0.0
tf-mod-addon-monitoring-v1.1.0
tf-mod-addon-monitoring-v1.1.1
tf-mod-addon-monitoring-v1.1.2
tf-mod-addon-monitoring-v1.1.3
tf-mod-addon-monitoring-v1.2.0
tf-mod-addon-monitoring-v1.3.0
tf-mod-addon-monitoring-v1.4.0
tf-mod-addon-monitoring-v1.4.1
tf-mod-addon-monitoring-v1.5.0
tf-mod-addon-monitoring-v1.5.1
tf-mod-addon-osquery-carve-split-account-osquery-carve-v1.*
tf-mod-addon-osquery-carve-split-account-osquery-carve-v1.0.0
tf-mod-addon-osquery-carve-split-account-osquery-carve-v1.1.0
tf-mod-addon-osquery-carve-split-account-split-account-v1.*
tf-mod-addon-osquery-carve-split-account-split-account-v1.0.0
tf-mod-addon-osquery-carve-split-account-split-account-v1.1.0
tf-mod-addon-osquery-carve-v1.*
tf-mod-addon-osquery-carve-v1.0.0
tf-mod-addon-osquery-carve-v1.0.1
tf-mod-addon-osquery-carve-v1.1.0
tf-mod-addon-osquery-perf-v1.*
tf-mod-addon-osquery-perf-v1.0.0
tf-mod-addon-saml-auth-proxy-v1.*
tf-mod-addon-saml-auth-proxy-v1.0.0
tf-mod-addon-saml-auth-proxy-v1.1.0
tf-mod-addon-saml-auth-proxy-v1.2.0
tf-mod-addon-saml-auth-proxy-v1.3.0
tf-mod-addon-ses-v1.*
tf-mod-addon-ses-v1.0.0
tf-mod-addon-ses-v1.1.0
tf-mod-addon-ses-v1.2.0
tf-mod-addon-vuln-processing-v1.*
tf-mod-addon-vuln-processing-v1.0.0
tf-mod-addon-vuln-processing-v1.1.0
tf-mod-addon-waf-alb-v1.*
tf-mod-addon-waf-alb-v1.0.0
tf-mod-addon-waf-alb-v2.*
tf-mod-addon-waf-alb-v2.0.0
tf-mod-byo-db-v1.*
tf-mod-byo-db-v1.0.0
tf-mod-byo-db-v1.1.0
tf-mod-byo-db-v1.2.0
tf-mod-byo-db-v1.3.0
tf-mod-byo-db-v1.3.1
tf-mod-byo-db-v1.3.2
tf-mod-byo-db-v1.4.0
tf-mod-byo-db-v1.5.0
tf-mod-byo-db-v1.5.1
tf-mod-byo-db-v1.6.0
tf-mod-byo-db-v1.7.0
tf-mod-byo-db-v1.7.1
tf-mod-byo-db-v1.8.0
tf-mod-byo-db-v1.9.0
tf-mod-byo-ecs-v1.*
tf-mod-byo-ecs-v1.0.0
tf-mod-byo-ecs-v1.1.0
tf-mod-byo-ecs-v1.2.0
tf-mod-byo-ecs-v1.3.0
tf-mod-byo-ecs-v1.4.0
tf-mod-byo-ecs-v1.4.1
tf-mod-byo-ecs-v1.5.0
tf-mod-byo-ecs-v1.6.0
tf-mod-byo-ecs-v1.6.1
tf-mod-byo-ecs-v1.7.0
tf-mod-byo-ecs-v1.8.0
tf-mod-byo-ecs-v1.8.1
tf-mod-byo-vpc-v1.*
tf-mod-byo-vpc-v1.0.0
tf-mod-byo-vpc-v1.1.0
tf-mod-byo-vpc-v1.10.0
tf-mod-byo-vpc-v1.10.1
tf-mod-byo-vpc-v1.11.0
tf-mod-byo-vpc-v1.12.0
tf-mod-byo-vpc-v1.12.1
tf-mod-byo-vpc-v1.2.0
tf-mod-byo-vpc-v1.3.0
tf-mod-byo-vpc-v1.4.0
tf-mod-byo-vpc-v1.5.0
tf-mod-byo-vpc-v1.6.0
tf-mod-byo-vpc-v1.6.1
tf-mod-byo-vpc-v1.7.0
tf-mod-byo-vpc-v1.7.1
tf-mod-byo-vpc-v1.8.0
tf-mod-byo-vpc-v1.8.1
tf-mod-byo-vpc-v1.8.2
tf-mod-byo-vpc-v1.8.3
tf-mod-byo-vpc-v1.9.0
tf-mod-root-v1.*
tf-mod-root-v1.0.0
tf-mod-root-v1.1.0
tf-mod-root-v1.1.1
tf-mod-root-v1.10.0
tf-mod-root-v1.11.0
tf-mod-root-v1.11.1
tf-mod-root-v1.2.0
tf-mod-root-v1.3.0
tf-mod-root-v1.4.0
tf-mod-root-v1.5.0
tf-mod-root-v1.5.1
tf-mod-root-v1.6.0
tf-mod-root-v1.6.1
tf-mod-root-v1.7.0
tf-mod-root-v1.7.1
tf-mod-root-v1.7.2
tf-mod-root-v1.7.3
tf-mod-root-v1.8.0
tf-mod-root-v1.9.0
tf-mod-root-v1.9.1
tf-mod-root-v1.9.2
v0.*
v0.0.4
v0.0.5
v0.0.6
v0.0.7
v4.*
v4.0.0
v4.0.0-rc1
v4.0.0-rc2
v4.0.0-rc3
v4.0.1
v4.1.0
v4.28.0
v4.36.0
v4.37.0
v4.43.4
v4.80.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-27465.json"