Tag

Fleetdm

1 brief RSS

Fleet Windows MDM Azure AD JWT Authentication Bypass Vulnerability

A vulnerability in Fleet versions prior to 4.82.0 allows authentication tokens from any Azure AD tenant to be accepted, enabling unauthorized device enrollment and MDM API access due to improper JWT signature validation, tracked as CVE-2026-24899.

fleetdm/fleet/v4 +1 jwt azuread authentication bypass mdm fleetdm

2r 2t 1i 1h ago