Nixpkgs Security Tracker

Login with GitHub

Details of issue NIXPKGS-2026-0829

NIXPKGS-2026-0829
published on 28 Mar 2026
Permalink CVE-2026-34391
updated 18 hours ago by @LeSuisse Activity log
  • Created automatic suggestion 1 day, 10 hours ago
  • @LeSuisse removed
    20 packages
    • fleetctl
    • fleeting-plugin-aws
    • azure-cli-extensions.fleet
    • python312Packages.tesla-fleet-api
    • python313Packages.tesla-fleet-api
    • python314Packages.tesla-fleet-api
    • haskellPackages.amazonka-iotfleethub
    • haskellPackages.amazonka-iotfleetwise
    • python312Packages.mypy-boto3-iotfleethub
    • python313Packages.mypy-boto3-iotfleethub
    • python314Packages.mypy-boto3-iotfleethub
    • python312Packages.mypy-boto3-iotfleetwise
    • python313Packages.mypy-boto3-iotfleetwise
    • python314Packages.mypy-boto3-iotfleetwise
    • home-assistant-component-tests.tesla_fleet
    • python312Packages.types-aiobotocore-iotfleethub
    • python313Packages.types-aiobotocore-iotfleethub
    • python312Packages.types-aiobotocore-iotfleetwise
    • python313Packages.types-aiobotocore-iotfleetwise
    • tests.home-assistant-component-tests.tesla_fleet
    18 hours ago
  • @LeSuisse accepted 18 hours ago
  • @LeSuisse published on GitHub 18 hours ago
Fleet Vulnerable to Windows MDM cross-device command disclosure

Fleet is open source device management software. Prior to 4.81.1, a vulnerability in Fleet's Windows MDM command processing allows a malicious enrolled device to access MDM commands intended for other devices, potentially exposing sensitive configuration data such as WiFi credentials, VPN secrets, and certificate payloads across the entire Windows fleet. Version 4.81.1 patches the issue.

References

Affected products

fleet
  • ==< 4.81.1

Matching in nixpkgs

Ignored packages (20)

Package maintainers

Advisory: https://github.com/fleetdm/fleet/security/advisories/GHSA-wg7j-pcc3-h4rh