Fleet
cpe:2.3:a:fleetdm:fleet:*:*:*:*:*:*:*
- < 4.81.0
A denial-of-service vulnerability has been identified in Fleet device management software prior to version 4.81.0. The issue resides in the gRPC Launcher endpoint, where an authenticated host can crash the Fleet server process by sending an unexpected log type value. The gRPC server does not treat the malformed value as an input error to be rejected and returned to the caller; the unhandled condition instead terminates the server process immediately.
Exploitation terminates the entire Fleet server process, disrupting all connected hosts, MDM enrollments, and API consumers. The crash is immediate and repeatable: an enrolled host can script the request and keep the server down until a patched version is deployed. The required privilege is host authentication, which every enrolled device holds, not an administrator account, so the set of principals able to trigger the crash is the whole fleet.
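The failure mode described above, as an added illustration that is not Fleet's code and does not reproduce its actual handler: a hypothetical log-publishing RPC handler that panics when an enum value outside its switch reaches it, the same handler hardened to reject the value as an input error, and a recover wrapper standing in for a gRPC recovery interceptor. The type, field and function names (LogType, LogCollection, PublishLogsVulnerable, PublishLogsHardened, WithRecovery) and the sample request are constructed for this example.

```go
package main

import (
	"errors"
	"fmt"
)

// LogType stands in for the enum field of a gRPC log-publish request.
// These names and values are constructed for this example, not Fleet's.
type LogType int32

const (
	LogTypeString LogType = iota
	LogTypeStatus
	LogTypeResult
)

// LogCollection is a constructed stand-in for the request message.
type LogCollection struct {
	LogType LogType
	Logs    []string
}

// Handler has the shape of a unary RPC handler: request in, result or error out.
type Handler func(*LogCollection) (int, error)

var ErrInvalidLogType = errors.New("invalid log type")

// writerFor picks a destination for each known log type and returns nil for
// anything else; that gap is what turns an unexpected enum into a panic.
func writerFor(t LogType) func(string) {
	switch t {
	case LogTypeString, LogTypeStatus, LogTypeResult:
		return func(string) {} // sink; a real server would persist the line
	}
	return nil
}

// PublishLogsVulnerable trusts the enum value. For any value outside the
// switch, write is nil and the first call panics (nil function call).
// In a gRPC server with no recovery interceptor, a panic in a handler
// goroutine takes the whole process down.
func PublishLogsVulnerable(req *LogCollection) (int, error) {
	write := writerFor(req.LogType)
	for _, line := range req.Logs {
		write(line)
	}
	return len(req.Logs), nil
}

// PublishLogsHardened validates the enum before use and returns an error the
// RPC layer can surface to the client (InvalidArgument in gRPC terms).
func PublishLogsHardened(req *LogCollection) (int, error) {
	write := writerFor(req.LogType)
	if write == nil {
		return 0, fmt.Errorf("%w: %d", ErrInvalidLogType, req.LogType)
	}
	for _, line := range req.Logs {
		write(line)
	}
	return len(req.Logs), nil
}

// WithRecovery is a defence-in-depth wrapper in the spirit of a gRPC recovery
// interceptor: a panic in the handler becomes an error for that one request
// instead of a process crash. It does not replace input validation.
func WithRecovery(h Handler) Handler {
	return func(req *LogCollection) (n int, err error) {
		defer func() {
			if r := recover(); r != nil {
				n, err = 0, fmt.Errorf("internal error: %v", r)
			}
		}()
		return h(req)
	}
}

// Panics reports whether h crashes on req; it models the process-level
// outcome of an unrecovered handler panic.
func Panics(h Handler, req *LogCollection) (panicked bool) {
	defer func() {
		if recover() != nil {
			panicked = true
		}
	}()
	h(req)
	return false
}

func main() {
	// Constructed request with a log type no branch handles.
	bad := &LogCollection{LogType: 99, Logs: []string{"constructed log line"}}
	fmt.Println("vulnerable handler panics:", Panics(PublishLogsVulnerable, bad))
	_, err := PublishLogsHardened(bad)
	fmt.Println("hardened handler rejects:", err)
	_, err = WithRecovery(PublishLogsVulnerable)(bad)
	fmt.Println("recovery wrapper contains the panic:", err)
}
```

The two fixes are complementary: validating the enum at the boundary is the actual bug fix, while the recovery wrapper limits the blast radius of any handler panic not yet found to a single failed request. A server that relies on the wrapper alone still logs an internal error on every malicious request and still needs the validation.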
Users are advised to upgrade to Fleet version 4.81.0 or later, where this vulnerability has been patched.