CVE-2026-34388
Denial-of-Service in Fleet gRPC Launcher Crashes Server
Publication date: 2026-03-27
Last updated on: 2026-04-02
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fleetdm | fleet | < 4.81.0 (4.81.0 excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-703 | The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product. |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
The only effective mitigation for this vulnerability is to upgrade the Fleet software to version 4.81.0 or later.
No other workarounds or mitigations exist, so applying the patch promptly is critical to prevent denial-of-service attacks.
Can you explain this vulnerability to me?
CVE-2026-34388 is a high-severity denial-of-service vulnerability in Fleet's gRPC Launcher endpoint affecting versions prior to 4.81.0.
An authenticated host with a valid Launcher node key can exploit this vulnerability by sending a specially crafted gRPC request containing an unexpected log type value.
This malformed input is not properly handled by the gRPC server, causing the entire Fleet server process to crash immediately and unrecoverably.
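As an added illustration that is not Fleet's code (the enum names, the handler map and the values are constructed for this example), the Go sketch below shows the CWE-703 pattern the answer describes, a decoded enum value outside the expected set reaching a code path that panics, next to the two defences that keep one bad request from taking down the process: validating the value before dispatch, and a recovery wrapper of the kind a gRPC recovery interceptor provides.

```go
package main

import (
	"errors"
	"fmt"
)

// LogType stands in for the enum a gRPC log-collection message carries.
// Names and values here are constructed for this example, not Fleet's.
type LogType int32
const (
	LogTypeResult LogType = iota
	LogTypeStatus
	LogTypeAgent
)

// ErrUnknownLogType is the per-request error an out-of-range value should get.
var ErrUnknownLogType = errors.New("unknown log type")

// store persists one batch; every known type uses it in this example.
func store(lines []string) int { return len(lines) }
var handlers = map[LogType]func([]string) int{
	LogTypeResult: store, LogTypeStatus: store, LogTypeAgent: store,
}

// unsafePublishLogs shows the CWE-703 pattern: it trusts the decoded enum and
// calls whatever the map returns. A value outside the enum yields a nil func,
// calling it panics, and an unrecovered panic takes the whole process down.
func unsafePublishLogs(logType LogType, logs []string) int {
	return handlers[logType](logs)
}

// safePublishLogs validates the value before dispatching and returns an error
// the gRPC layer can report for this one request while the server keeps serving.
func safePublishLogs(logType LogType, logs []string) (int, error) {
	h, ok := handlers[logType]
	if !ok {
		return 0, fmt.Errorf("%w: %d", ErrUnknownLogType, logType)
	}
	return h(logs), nil
}

// withRecover is the second layer: a recovery wrapper, as a gRPC recovery
// interceptor would provide, confines a handler panic to the one request.
func withRecover(logType LogType, logs []string) (n int, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("handler panicked: %v", r)
		}
	}()
	return unsafePublishLogs(logType, logs), nil
}
```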
How can this vulnerability impact me?
Exploiting this vulnerability causes the Fleet server to terminate immediately, disrupting all connected hosts, Mobile Device Management (MDM) enrollments, and API consumers.
Because the server crashes instead of handling the invalid request gracefully, attackers can repeatedly trigger this crash, resulting in a persistent denial of service.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves an authenticated host sending a specially crafted gRPC request with an unexpected log type value to the Fleet gRPC Launcher endpoint, causing the server to crash.
Detection would involve monitoring for unexpected crashes or terminations of the Fleet server process, especially following gRPC Launcher endpoint activity.
Since the vulnerability requires an authenticated host with a valid Launcher node key to send malformed gRPC requests, network detection could focus on identifying unusual or malformed gRPC traffic to the Launcher endpoint.
However, no specific commands or detection tools are provided in the available information.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.