Mdm

CVE-2026-23998 describes a vulnerability in Fleet's Windows MDM management endpoint that allows requests to be processed without proper client certificate validation, potentially allowing an attacker to impersonate a device and retrieve sensitive configuration data.

A vulnerability in Fleet versions prior to 4.82.0 allows authentication tokens from any Azure AD tenant to be accepted, enabling unauthorized device enrollment and MDM API access due to improper JWT signature validation, tracked as CVE-2026-24899.