CVE-2026-34386: CVE-2026-34386: Authenticated SQL Injection in Fleet MDM Bootstrap Package Configuration

#security #cve #cybersecurity

CVE-2026-34386: Authenticated SQL Injection in Fleet MDM Bootstrap Package Configuration

Vulnerability ID: CVE-2026-34386
CVSS Score: 6.3
Published: 2026-03-30

Fleet open-source device management software prior to version 4.81.0 contains a SQL injection vulnerability in its MDM bootstrap package configuration module. Authenticated users with Team Admin or Global Admin privileges can execute arbitrary database queries when the Apple MDM feature is enabled.

TL;DR

Authenticated Team or Global Admins can exploit a SQL injection flaw in Fleet's MDM bootstrap package configuration to extract sensitive database records and elevate privileges. Updating to version 4.81.0 or disabling Apple MDM mitigates the vulnerability.

Technical Details

CWE ID: CWE-89
Attack Vector: Network (Authenticated API)
CVSS v4.0 Score: 6.3
EPSS Score: 0.0003
Impact: Data Exfiltration, Cross-team Corruption, Privilege Escalation
Exploit Status: Unweaponized / Known Vulnerability
CISA KEV: Not Listed

Affected Systems

Fleet Device Management Software
Apple MDM Integration Component
fleet: < 4.81.0 (Fixed in: 4.81.0)

Mitigation Strategies

Upgrade Fleet to version 4.81.0 or later.
Disable Apple MDM feature temporarily if immediate patching is impossible.
Audit and restrict Team Admin and Global Admin role assignments.
Implement API monitoring for SQL injection payloads targeting MDM endpoints.

Remediation Steps:

Review current Fleet version to determine vulnerability status.
Schedule a maintenance window for the upgrade process.
Backup the current Fleet database and application configuration.
Deploy Fleet version 4.81.0 following the official upgrade documentation.
Verify that MDM bootstrap package configuration functions as expected post-upgrade.