CVE-2026-26060 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-26060 PUBLISHED CVSS 6 MEDIUM

Fleet: Password reset tokens remain valid after password change for 24 hours

Risk Scores

CVSS v4.0

6

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
fleetdm	fleet	< 4.81.0, < 4.81.0, < 4.81.0
github.com	fleetdm/fleet/v4	0, 0, 0

Timeline

Mar 27, 2026 CVE Published
Mar 27, 2026 Coalition ESS Score
Mar 28, 2026 Security Advisory
Mar 31, 2026 PoC Published
Mar 31, 2026 PoC Published

References

Open in Interactive Console →