CVE-2026-22808
Unknown Unknown - Not Provided
Cross-Site Scripting in Fleet MDM Enables Admin Token Theft

Publication date: 2026-01-21

Last updated on: 2026-02-18

Assigner: GitHub, Inc.

Description
fleetdm/fleet is open source device management software. Prior to versions 4.78.2, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, if Windows MDM is enabled, an unauthenticated attacker can exploit this XSS vulnerability to steal a Fleet administrator's authentication token (FLEET::auth_token) from localStorage. This could allow unauthorized access to Fleet, including administrative access, visibility into device data, and modification of configuration. Versions 4.78.2, 4.77.1, 4.76.2, 4.75.2, and 4.53.3 fix the issue. If an immediate upgrade is not possible, affected Fleet users should temporarily disable Windows MDM.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-21
Last Modified
2026-02-18
Generated
2026-06-16
AI Q&A
2026-01-22
EPSS Evaluated
2026-06-14
NVD
CVE-2026-22808
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
fleetdm fleet to 4.53.3 (exc)
fleetdm fleet From 4.75.0 (inc) to 4.75.2 (exc)
fleetdm fleet From 4.76.0 (inc) to 4.76.2 (exc)
fleetdm fleet From 4.78.0 (inc) to 4.78.2 (exc)
fleetdm fleet 4.77.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a cross-site scripting (XSS) issue in fleetdm/fleet device management software when Windows MDM is enabled. An unauthenticated attacker can exploit this XSS flaw to steal a Fleet administrator's authentication token (FLEET::auth_token) from localStorage, potentially gaining unauthorized administrative access to the Fleet system.

Impact Analysis

If exploited, this vulnerability can allow an attacker to gain unauthorized access to the Fleet system with administrative privileges. This includes the ability to view device data and modify configuration settings, which could compromise the security and management of devices under Fleet's control.

Mitigation Strategies

To mitigate this vulnerability immediately, upgrade Fleet to versions 4.78.2, 4.77.1, 4.76.2, 4.75.2, or 4.53.3 where the issue is fixed. If an immediate upgrade is not possible, temporarily disable Windows MDM.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22808. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart