CVE-2026-24004
Status: Received - Intake
Unauthenticated Device Unenrollment in Fleet Android MDM

Publication date: 2026-02-26

Last updated on: 2026-03-02

Assigner: GitHub, Inc.

Description
Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s Android MDM Pub/Sub handling could allow unauthenticated requests to trigger device unenrollment events. This may result in unauthorized removal of individual Android devices from Fleet management. If Android MDM is enabled, an attacker could send a crafted request to the Android Pub/Sub endpoint to unenroll a targeted Android device from Fleet without authentication. This issue does not grant access to Fleet, allow execution of commands, or provide visibility into device data. Impact is limited to disruption of Android device management for the affected device. Version 4.80.1 fixes the issue. If an immediate upgrade is not possible, affected Fleet users should temporarily disable Android MDM.
Meta Information
Published: 2026-02-26
Last Modified: 2026-03-02
Generated: 2026-05-07
AI Q&A: 2026-02-26
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor    Product   Version / Range
fleetdm   fleet     all versions before 4.80.1 (4.80.1 itself not affected)
CWE
CWE-862: The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-24004 is a vulnerability in Fleet's Android Mobile Device Management (MDM) Pub/Sub endpoint present in versions prior to 4.80.1.

This flaw allows unauthenticated attackers to send specially crafted requests to the Android Pub/Sub endpoint, which triggers device unenrollment events.

As a result, an attacker can remove individual Android devices from Fleet management without needing to authenticate.

However, this vulnerability does not allow attackers to access the Fleet system, execute commands, or view any device data. [1]


How can this vulnerability impact me?

The impact of this vulnerability is limited to disruption of Android device management for the affected device.

An attacker could cause unauthorized removal of targeted Android devices from Fleet management, potentially causing loss of control over those devices.

This could interfere with device monitoring and management but does not compromise device data or allow execution of commands.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability immediately, upgrade Fleet to version 4.80.1 or later where the issue is fixed.

If an immediate upgrade is not possible, temporarily disable Android MDM to prevent exploitation of the vulnerability.

