CVE-2026-23518 | Fleet - Windows MDM Operational Intel

Executive Risk Summary

"A vulnerability in Fleet's Windows MDM enrollment flow could allow an attacker to submit forged authentication tokens, enabling enrollment of unauthorized devices under arbitrary Azure AD user identities. Versions 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3 fix the issue."

Operational Audit Arsenal

Target Type Software Component

Target Asset fleet.exe

Standard Path %ProgramFiles%\Fleet

PowerShell

# 🛠️ Senior Engineer Universal Audit
# Target: fleet.exe (Software Component)
$Targets = 'fleet.exe'
$SearchPaths = @("$env:windir\System32", "$env:ProgramFiles", "${env:ProgramFiles(x86)}")

Get-ChildItem -Path $SearchPaths -Include $Targets -Recurse -ErrorAction SilentlyContinue | 
Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}

Patch Impact Forecast

Reboot Required Unlikely

Low to Moderate

Internal Work Notes

CVE-2026-23518: Fleet Windows MDM enrollment vulnerability, recommend upgrading to version 4.78.3 or later, or temporarily disabling Windows MDM

Technical Intelligence & Operational Utilities • Delivered Weekly

Intelligence Sources

Official Advisoryhttps://github.com/fleetdm/fleet/commit/e225ef57912c8f4ac8977e24b5ebe1d9fd875257

Official Advisoryhttps://github.com/fleetdm/fleet/security/advisories/GHSA-63m5-974w-448v

Related Fleetdm Threats

CVE-2026-34387 CVSS 9.8

Fleet - Software Installer Pipeline

CVE-2026-34391 CVSS 7.5

Fleet - Device Management

Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.