CVE-2026-34389 — Fleet is open source device management software. Prior to 4.81.0, Fleet…

April 02, 2026 22:57 /HIGH

CVE Notify vulnerabilitycveidentitytools

🚨 CVE-2026-34389 Fleet is open source device management software. Prior to 4.81.0, Fleet contained an issue in the user invitation flow where the email address provided during invite acceptance was not validated against the email address associated with the invite.

What This Means For You

New vulnerability disclosed — verify if your stack is exposed.
New tool or resource available — evaluate for your security workflow.

Indicators of Compromise

ID	Type	Indicator
CVE-2026-34389	Auth Bypass	Fleet open source device management software, versions prior to 4.81.0. Vulnerable component: user invitation flow. Issue: Email address provided during invite acceptance was not validated against the email address associated with the invite.

🔎

Turn this CVE into SIEM detection coverage Generate detection rules for Splunk, Sentinel, QRadar & Elastic — straight from this vulnerability. Use /detect in the Intel Bot.

Open Intel Bot →

Source & Attribution

Source Platform	Telegram
Channel	CVE Notify
Published	April 02, 2026 at 22:57 UTC

This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.

Believe this infringes your rights? Submit a takedown request.

What This Means For You

Indicators of Compromise

Related coverage

CVE-2026-20240 — Denial of Service

Splunk Enterprise, Cloud Vulnerability Exposes Session Cookies, Sensitive Data

CVE-2026-20238 — In Splunk AI Toolkit versions below 5.7.3, a low-privileged