NIXPKGS-2026-0833

GitHub issue published on 28 Mar 2026

Permalink CVE-2026-34389

updated 18 hours ago by @LeSuisse Activity log

Created automatic suggestion 1 day, 10 hours ago
@LeSuisse removed
20 packages
- fleetctl
- fleeting-plugin-aws
- azure-cli-extensions.fleet
- python312Packages.tesla-fleet-api
- python313Packages.tesla-fleet-api
- python314Packages.tesla-fleet-api
- haskellPackages.amazonka-iotfleethub
- haskellPackages.amazonka-iotfleetwise
- python312Packages.mypy-boto3-iotfleethub
- python313Packages.mypy-boto3-iotfleethub
- python314Packages.mypy-boto3-iotfleethub
- python312Packages.mypy-boto3-iotfleetwise
- python313Packages.mypy-boto3-iotfleetwise
- python314Packages.mypy-boto3-iotfleetwise
- home-assistant-component-tests.tesla_fleet
- python312Packages.types-aiobotocore-iotfleethub
- python313Packages.types-aiobotocore-iotfleethub
- python312Packages.types-aiobotocore-iotfleetwise
- python313Packages.types-aiobotocore-iotfleetwise
- tests.home-assistant-component-tests.tesla_fleet
18 hours ago
@LeSuisse accepted 18 hours ago
@LeSuisse published on GitHub 18 hours ago

Fleet's user account creation via invite does not enforce invited email address

Fleet is open source device management software. Prior to 4.81.0, Fleet contained an issue in the user invitation flow where the email address provided during invite acceptance was not validated against the email address associated with the invite. An attacker who obtained a valid invite token could create an account under an arbitrary email address while inheriting the role granted by the invite, including global admin. Version 4.81.0 patches the issue.

References

https://github.com/fleetdm/fleet/security/advisories/GHSA-4f9r-x588-pp2h x_refsource_CONFIRM

Affected products

fleet

==< 4.81.0

Matching in nixpkgs

pkgs.fleet

CLI tool to launch Fleet server

nixos-unstable 4.81.0
- nixpkgs-unstable 4.81.0
- nixos-unstable-small 4.81.0
nixos-25.11 4.81.0
- nixos-25.11-small 4.81.0
- nixpkgs-25.11-darwin 4.81.0

Ignored packages (20)

pkgs.fleetctl

CLI tool for managing Fleet

nixos-unstable 4.81.0
- nixpkgs-unstable 4.81.0
- nixos-unstable-small 4.81.0
nixos-25.11 4.81.0
- nixos-25.11-small 4.81.0
- nixpkgs-25.11-darwin 4.81.0

pkgs.fleeting-plugin-aws

GitLab fleeting plugin for AWS

nixos-unstable 1.2.0
- nixpkgs-unstable 1.2.0
- nixos-unstable-small 1.2.0
nixos-25.11 1.1.0
- nixos-25.11-small 1.1.0
- nixpkgs-25.11-darwin 1.1.0

pkgs.azure-cli-extensions.fleet

Microsoft Azure Command-Line Tools Fleet Extension

nixos-unstable 1.9.0
- nixpkgs-unstable 1.9.0
- nixos-unstable-small 1.9.0
nixos-25.11 1.8.1
- nixos-25.11-small 1.8.1
- nixpkgs-25.11-darwin 1.8.1

pkgs.python312Packages.tesla-fleet-api

Python library for Tesla Fleet API and Teslemetry

nixos-25.11 1.2.5
- nixos-25.11-small 1.2.5
- nixpkgs-25.11-darwin 1.2.5

pkgs.python313Packages.tesla-fleet-api

Python library for Tesla Fleet API and Teslemetry

nixos-unstable 1.4.3
- nixpkgs-unstable 1.4.3
- nixos-unstable-small 1.4.3
nixos-25.11 1.2.5
- nixos-25.11-small 1.2.5
- nixpkgs-25.11-darwin 1.2.5

pkgs.python314Packages.tesla-fleet-api

Python library for Tesla Fleet API and Teslemetry

nixos-unstable 1.4.3
- nixpkgs-unstable 1.4.3
- nixos-unstable-small 1.4.3

pkgs.haskellPackages.amazonka-iotfleethub

Amazon IoT Fleet Hub SDK

nixos-unstable 2.0-unstable-2025-04-16
- nixpkgs-unstable 2.0-unstable-2025-04-16
- nixos-unstable-small 2.0-unstable-2025-04-16
nixos-25.11 2.0-unstable-2025-04-16
- nixos-25.11-small 2.0-unstable-2025-04-16
- nixpkgs-25.11-darwin 2.0-unstable-2025-04-16

pkgs.haskellPackages.amazonka-iotfleetwise

Amazon IoT FleetWise SDK

nixos-unstable 2.0-unstable-2025-04-16
- nixpkgs-unstable 2.0-unstable-2025-04-16
- nixos-unstable-small 2.0-unstable-2025-04-16
nixos-25.11 2.0-unstable-2025-04-16
- nixos-25.11-small 2.0-unstable-2025-04-16
- nixpkgs-25.11-darwin 2.0-unstable-2025-04-16

pkgs.python312Packages.mypy-boto3-iotfleethub

Type annotations for boto3 iotfleethub

nixos-25.11 boto3-iotfleethub-1.40.17
- nixos-25.11-small boto3-iotfleethub-1.40.17
- nixpkgs-25.11-darwin boto3-iotfleethub-1.40.17

pkgs.python313Packages.mypy-boto3-iotfleethub

Type annotations for boto3 iotfleethub

nixos-unstable boto3-iotfleethub-1.40.17
- nixpkgs-unstable boto3-iotfleethub-1.40.17
- nixos-unstable-small boto3-iotfleethub-1.40.17
nixos-25.11 boto3-iotfleethub-1.40.17
- nixos-25.11-small boto3-iotfleethub-1.40.17
- nixpkgs-25.11-darwin boto3-iotfleethub-1.40.17

pkgs.python314Packages.mypy-boto3-iotfleethub

Type annotations for boto3 iotfleethub

nixos-unstable boto3-iotfleethub-1.40.17
- nixpkgs-unstable boto3-iotfleethub-1.40.17
- nixos-unstable-small boto3-iotfleethub-1.40.17

pkgs.python312Packages.mypy-boto3-iotfleetwise

Type annotations for boto3 iotfleetwise

nixos-25.11 boto3-iotfleetwise-1.41.0
- nixos-25.11-small boto3-iotfleetwise-1.41.0
- nixpkgs-25.11-darwin boto3-iotfleetwise-1.41.0

pkgs.python313Packages.mypy-boto3-iotfleetwise

Type annotations for boto3 iotfleetwise

nixos-unstable boto3-iotfleetwise-1.42.3
- nixpkgs-unstable boto3-iotfleetwise-1.42.3
- nixos-unstable-small boto3-iotfleetwise-1.42.3
nixos-25.11 boto3-iotfleetwise-1.41.0
- nixos-25.11-small boto3-iotfleetwise-1.41.0
- nixpkgs-25.11-darwin boto3-iotfleetwise-1.41.0

pkgs.python314Packages.mypy-boto3-iotfleetwise

Type annotations for boto3 iotfleetwise

nixos-unstable boto3-iotfleetwise-1.42.3
- nixpkgs-unstable boto3-iotfleetwise-1.42.3
- nixos-unstable-small boto3-iotfleetwise-1.42.3

pkgs.home-assistant-component-tests.tesla_fleet

Open source home automation that puts local control and privacy first

nixos-25.11 2025.11.3
- nixos-25.11-small 2025.11.3
- nixpkgs-25.11-darwin 2025.11.3

pkgs.python312Packages.types-aiobotocore-iotfleethub

Type annotations for aiobotocore iotfleethub

nixos-25.11 2.24.2
- nixos-25.11-small 2.24.2
- nixpkgs-25.11-darwin 2.24.2

pkgs.python313Packages.types-aiobotocore-iotfleethub

Type annotations for aiobotocore iotfleethub

nixos-unstable 2.24.2
- nixpkgs-unstable 2.24.2
- nixos-unstable-small 2.24.2
nixos-25.11 2.24.2
- nixos-25.11-small 2.24.2
- nixpkgs-25.11-darwin 2.24.2

pkgs.python312Packages.types-aiobotocore-iotfleetwise

Type annotations for aiobotocore iotfleetwise

nixos-25.11 2.25.2
- nixos-25.11-small 2.25.2
- nixpkgs-25.11-darwin 2.25.2

pkgs.python313Packages.types-aiobotocore-iotfleetwise

Type annotations for aiobotocore iotfleetwise

nixos-unstable 3.2.1
- nixpkgs-unstable 3.2.1
- nixos-unstable-small 3.2.1
nixos-25.11 2.25.2
- nixos-25.11-small 2.25.2
- nixpkgs-25.11-darwin 2.25.2

pkgs.tests.home-assistant-component-tests.tesla_fleet

Open source home automation that puts local control and privacy first

nixos-unstable 2026.3.3
- nixpkgs-unstable 2026.3.3
- nixos-unstable-small 2026.3.4

Package maintainers

@LeSuisse Thomas Gerbet <thomas@gerbet.me>
@asauzeau Antoine Sauzeau <antoine.sauzeau3@gmail.com>

Advisory: https://github.com/fleetdm/fleet/security/advisories/GHSA-4f9r-x588-pp2h

Nixpkgs Security Tracker

Details of issue NIXPKGS-2026-0833

References

Affected products

Matching in nixpkgs

pkgs.fleet

pkgs.fleetctl

pkgs.fleeting-plugin-aws

pkgs.azure-cli-extensions.fleet

pkgs.python312Packages.tesla-fleet-api

pkgs.python313Packages.tesla-fleet-api

pkgs.python314Packages.tesla-fleet-api

pkgs.haskellPackages.amazonka-iotfleethub

pkgs.haskellPackages.amazonka-iotfleetwise

pkgs.python312Packages.mypy-boto3-iotfleethub

pkgs.python313Packages.mypy-boto3-iotfleethub

pkgs.python314Packages.mypy-boto3-iotfleethub

pkgs.python312Packages.mypy-boto3-iotfleetwise

pkgs.python313Packages.mypy-boto3-iotfleetwise

pkgs.python314Packages.mypy-boto3-iotfleetwise

pkgs.home-assistant-component-tests.tesla_fleet

pkgs.python312Packages.types-aiobotocore-iotfleethub

pkgs.python313Packages.types-aiobotocore-iotfleethub

pkgs.python312Packages.types-aiobotocore-iotfleetwise

pkgs.python313Packages.types-aiobotocore-iotfleetwise

pkgs.tests.home-assistant-component-tests.tesla_fleet

Package maintainers