Fleet Android MDM Unenrollment Vulnerability via Pub/Sub Endpoint

Vulnerability

A vulnerability exists in Fleet's Android Mobile Device Management (MDM) handling of Pub/Sub events, allowing unauthenticated requests to trigger device unenrollment. This issue is present in Fleet versions prior to 4.80.1. When Android MDM is enabled, an attacker can send a crafted request to the Android Pub/Sub endpoint to remove a targeted Android device from management without authorization. While this vulnerability disrupts device management for the affected device, it does not provide access to Fleet, allow command execution, or reveal device data.

Impact

Exploitation of this vulnerability could lead to the unauthorized removal of Android devices from Fleet management, disrupting the management of those devices.

Remediation

Users of Fleet who are unable to upgrade to version 4.80.1 or later should temporarily disable Android MDM.

Added: Feb 26, 2026, 9:22 AM
Updated: Feb 26, 2026, 9:22 AM

Vulnerability Rating

Custom Algorithm

spread: 0.8
impact: 1.3
exploitability: 7.0
remediation: 8.3
relevance: 3.2
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.