CVE-2026-22808
Unknown Unknown - Not Provided

Cross-Site Scripting in Fleet MDM Enables Admin Token Theft

Vulnerability report for CVE-2026-22808, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-21

Last updated on: 2026-02-18

Assigner: GitHub, Inc.

Description

fleetdm/fleet is open source device management software. Prior to versions 4.78.2, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, if Windows MDM is enabled, an unauthenticated attacker can exploit this XSS vulnerability to steal a Fleet administrator's authentication token (FLEET::auth_token) from localStorage. This could allow unauthorized access to Fleet, including administrative access, visibility into device data, and modification of configuration. Versions 4.78.2, 4.77.1, 4.76.2, 4.75.2, and 4.53.3 fix the issue. If an immediate upgrade is not possible, affected Fleet users should temporarily disable Windows MDM.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-21
Last Modified
2026-02-18
Generated
2026-07-06
AI Q&A
2026-01-22
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 5 associated CPEs
Vendor Product Version / Range
fleetdm fleet to 4.53.3 (exc)
fleetdm fleet From 4.75.0 (inc) to 4.75.2 (exc)
fleetdm fleet From 4.76.0 (inc) to 4.76.2 (exc)
fleetdm fleet From 4.78.0 (inc) to 4.78.2 (exc)
fleetdm fleet 4.77.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a cross-site scripting (XSS) issue in fleetdm/fleet device management software when Windows MDM is enabled. An unauthenticated attacker can exploit this XSS flaw to steal a Fleet administrator's authentication token (FLEET::auth_token) from localStorage, potentially gaining unauthorized administrative access to the Fleet system.

Impact Analysis

If exploited, this vulnerability can allow an attacker to gain unauthorized access to the Fleet system with administrative privileges. This includes the ability to view device data and modify configuration settings, which could compromise the security and management of devices under Fleet's control.

Mitigation Strategies

To mitigate this vulnerability immediately, upgrade Fleet to versions 4.78.2, 4.77.1, 4.76.2, 4.75.2, or 4.53.3 where the issue is fixed. If an immediate upgrade is not possible, temporarily disable Windows MDM.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22808. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart