Vulnerability-Lookup

CVE-2026-24004 (GCVE-0-2026-24004)

Vulnerability from cvelistv5 – Published: 2026-02-26 02:43 – Updated: 2026-02-26 14:33

Title

Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint

Summary

Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s Android MDM Pub/Sub handling could allow unauthenticated requests to trigger device unenrollment events. This may result in unauthorized removal of individual Android devices from Fleet management. If Android MDM is enabled, an attacker could send a crafted request to the Android Pub/Sub endpoint to unenroll a targeted Android device from Fleet without authentication. This issue does not grant access to Fleet, allow execution of commands, or provide visibility into device data. Impact is limited to disruption of Android device management for the affected device. Version 4.80.1 fixes the issue. If an immediate upgrade is not possible, affected Fleet users should temporarily disable Android MDM.

Severity ?

1.7 (Low)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:U

CWE

CWE-862 - Missing Authorization

Assigner

GitHub_M

References

URL

Tags

https://github.com/fleetdm/fleet/security/advisor…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	fleetdm	fleet	Affected: < 4.80.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24004",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-26T14:33:39.131793Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T14:33:57.282Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "fleet",
          "vendor": "fleetdm",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.80.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet\u2019s Android MDM Pub/Sub handling could allow unauthenticated requests to trigger device unenrollment events. This may result in unauthorized removal of individual Android devices from Fleet management. If Android MDM is enabled, an attacker could send a crafted request to the Android Pub/Sub endpoint to unenroll a targeted Android device from Fleet without authentication. This issue does not grant access to Fleet, allow execution of commands, or provide visibility into device data. Impact is limited to disruption of Android device management for the affected device. Version 4.80.1 fixes the issue. If an immediate upgrade is not possible, affected Fleet users should temporarily disable Android MDM."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 1.7,
            "baseSeverity": "LOW",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:U",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862: Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-26T02:43:14.600Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/fleetdm/fleet/security/advisories/GHSA-9pm7-6g36-6j78",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/fleetdm/fleet/security/advisories/GHSA-9pm7-6g36-6j78"
        }
      ],
      "source": {
        "advisory": "GHSA-9pm7-6g36-6j78",
        "discovery": "UNKNOWN"
      },
      "title": "Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-24004",
    "datePublished": "2026-02-26T02:43:14.600Z",
    "dateReserved": "2026-01-19T18:49:20.659Z",
    "dateUpdated": "2026-02-26T14:33:57.282Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-24004\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-02-26T03:16:04.183\",\"lastModified\":\"2026-02-27T14:06:59.787\",\"vulnStatus\":\"Undergoing Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet\u2019s Android MDM Pub/Sub handling could allow unauthenticated requests to trigger device unenrollment events. This may result in unauthorized removal of individual Android devices from Fleet management. If Android MDM is enabled, an attacker could send a crafted request to the Android Pub/Sub endpoint to unenroll a targeted Android device from Fleet without authentication. This issue does not grant access to Fleet, allow execution of commands, or provide visibility into device data. Impact is limited to disruption of Android device management for the affected device. Version 4.80.1 fixes the issue. If an immediate upgrade is not possible, affected Fleet users should temporarily disable Android MDM.\"},{\"lang\":\"es\",\"value\":\"Fleet es un software de gesti\u00f3n de dispositivos de c\u00f3digo abierto. En versiones anteriores a la 4.80.1, una vulnerabilidad en el manejo de Pub/Sub de MDM de Android de Fleet podr\u00eda permitir que solicitudes no autenticadas desencadenen eventos de desinscripci\u00f3n de dispositivos. Esto puede resultar en la eliminaci\u00f3n no autorizada de dispositivos Android individuales de la gesti\u00f3n de Fleet. Si el MDM de Android est\u00e1 habilitado, un atacante podr\u00eda enviar una solicitud manipulada al endpoint de Pub/Sub de Android para desinscribir un dispositivo Android objetivo de Fleet sin autenticaci\u00f3n. Este problema no otorga acceso a Fleet, no permite la ejecuci\u00f3n de comandos ni proporciona visibilidad de los datos del dispositivo. El impacto se limita a la interrupci\u00f3n de la gesti\u00f3n de dispositivos Android para el dispositivo afectado. La versi\u00f3n 4.80.1 corrige el problema. Si una actualizaci\u00f3n inmediata no es posible, los usuarios afectados de Fleet deber\u00edan deshabilitar temporalmente el MDM de Android.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":1.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"UNREPORTED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"references\":[{\"url\":\"https://github.com/fleetdm/fleet/security/advisories/GHSA-9pm7-6g36-6j78\",\"source\":\"security-advisories@github.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-24004\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-26T14:33:39.131793Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-26T14:33:47.683Z\"}}], \"cna\": {\"title\": \"Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint\", \"source\": {\"advisory\": \"GHSA-9pm7-6g36-6j78\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 1.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:U\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"fleetdm\", \"product\": \"fleet\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 4.80.1\"}]}], \"references\": [{\"url\": \"https://github.com/fleetdm/fleet/security/advisories/GHSA-9pm7-6g36-6j78\", \"name\": \"https://github.com/fleetdm/fleet/security/advisories/GHSA-9pm7-6g36-6j78\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet\\u2019s Android MDM Pub/Sub handling could allow unauthenticated requests to trigger device unenrollment events. This may result in unauthorized removal of individual Android devices from Fleet management. If Android MDM is enabled, an attacker could send a crafted request to the Android Pub/Sub endpoint to unenroll a targeted Android device from Fleet without authentication. This issue does not grant access to Fleet, allow execution of commands, or provide visibility into device data. Impact is limited to disruption of Android device management for the affected device. Version 4.80.1 fixes the issue. If an immediate upgrade is not possible, affected Fleet users should temporarily disable Android MDM.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-862\", \"description\": \"CWE-862: Missing Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-02-26T02:43:14.600Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-24004\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-26T14:33:57.282Z\", \"dateReserved\": \"2026-01-19T18:49:20.659Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-02-26T02:43:14.600Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2026-24004

Vulnerability from fkie_nvd - Published: 2026-02-26 03:16 - Updated: 2026-02-27 14:06

Severity ?

1.7 (Low) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:U

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/fleetdm/fleet/security/advisories/GHSA-9pm7-6g36-6j78

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet\u2019s Android MDM Pub/Sub handling could allow unauthenticated requests to trigger device unenrollment events. This may result in unauthorized removal of individual Android devices from Fleet management. If Android MDM is enabled, an attacker could send a crafted request to the Android Pub/Sub endpoint to unenroll a targeted Android device from Fleet without authentication. This issue does not grant access to Fleet, allow execution of commands, or provide visibility into device data. Impact is limited to disruption of Android device management for the affected device. Version 4.80.1 fixes the issue. If an immediate upgrade is not possible, affected Fleet users should temporarily disable Android MDM."
    },
    {
      "lang": "es",
      "value": "Fleet es un software de gesti\u00f3n de dispositivos de c\u00f3digo abierto. En versiones anteriores a la 4.80.1, una vulnerabilidad en el manejo de Pub/Sub de MDM de Android de Fleet podr\u00eda permitir que solicitudes no autenticadas desencadenen eventos de desinscripci\u00f3n de dispositivos. Esto puede resultar en la eliminaci\u00f3n no autorizada de dispositivos Android individuales de la gesti\u00f3n de Fleet. Si el MDM de Android est\u00e1 habilitado, un atacante podr\u00eda enviar una solicitud manipulada al endpoint de Pub/Sub de Android para desinscribir un dispositivo Android objetivo de Fleet sin autenticaci\u00f3n. Este problema no otorga acceso a Fleet, no permite la ejecuci\u00f3n de comandos ni proporciona visibilidad de los datos del dispositivo. El impacto se limita a la interrupci\u00f3n de la gesti\u00f3n de dispositivos Android para el dispositivo afectado. La versi\u00f3n 4.80.1 corrige el problema. Si una actualizaci\u00f3n inmediata no es posible, los usuarios afectados de Fleet deber\u00edan deshabilitar temporalmente el MDM de Android."
    }
  ],
  "id": "CVE-2026-24004",
  "lastModified": "2026-02-27T14:06:59.787",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "PRESENT",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 1.7,
          "baseSeverity": "LOW",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "UNREPORTED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "LOW",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "LOW",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-02-26T03:16:04.183",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/fleetdm/fleet/security/advisories/GHSA-9pm7-6g36-6j78"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Undergoing Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

GHSA-9PM7-6G36-6J78

Vulnerability from github – Published: 2026-02-26 19:38 – Updated: 2026-02-26 19:38

Summary

Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint

Details

Summary

A vulnerability in Fleet’s Android MDM Pub/Sub handling could allow unauthenticated requests to trigger device unenrollment events. This may result in unauthorized removal of individual Android devices from Fleet management.

Impact

If Android MDM is enabled, an attacker could send a crafted request to the Android Pub/Sub endpoint to unenroll a targeted Android device from Fleet without authentication.

This issue does not grant access to Fleet, allow execution of commands, or provide visibility into device data. Impact is limited to disruption of Android device management for the affected device.

Workarounds

If an immediate upgrade is not possible, affected Fleet users should temporarily disable Android MDM.

For more information

If there any questions or comments about this advisory:

Email Fleet at security@fleetdm.com Join #fleet in osquery Slack

Credits

Fleet thanks @secfox-ai for responsibly reporting this issue.

Severity ?

6.3 (Medium)


                  
                    CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/fleetdm/fleet/v4"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.80.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-24004"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306",
      "CWE-862"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-26T19:38:56Z",
    "nvd_published_at": "2026-02-26T03:16:04Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\n\nA vulnerability in Fleet\u2019s Android MDM Pub/Sub handling could allow unauthenticated requests to trigger device unenrollment events. This may result in unauthorized removal of individual Android devices from Fleet management.\n\n### Impact\n\nIf Android MDM is enabled, an attacker could send a crafted request to the Android Pub/Sub endpoint to unenroll a targeted Android device from Fleet without authentication.\n\nThis issue does not grant access to Fleet, allow execution of commands, or provide visibility into device data. Impact is limited to disruption of Android device management for the affected device.\n\n### Workarounds\n\nIf an immediate upgrade is not possible, affected Fleet users should temporarily disable Android MDM.\n\n### For more information\n\nIf there any questions or comments about this advisory:\n\nEmail Fleet at [security@fleetdm.com](mailto:security@fleetdm.com)\nJoin #fleet in [osquery Slack](https://join.slack.com/t/osquery/shared_invite/zt-h29zm0gk-s2DBtGUTW4CFel0f0IjTEw)\n\n### Credits\n\nFleet thanks @secfox-ai for responsibly reporting this issue.",
  "id": "GHSA-9pm7-6g36-6j78",
  "modified": "2026-02-26T19:38:56Z",
  "published": "2026-02-26T19:38:56Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/fleetdm/fleet/security/advisories/GHSA-9pm7-6g36-6j78"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24004"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fleetdm/fleet/commit/24dd2257ae7127680a2f6cd1a4eee58a9c95dd34"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/fleetdm/fleet"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint "
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-24004 (GCVE-0-2026-24004)

FKIE_CVE-2026-24004

GHSA-9PM7-6G36-6J78

Summary

Impact

Workarounds

For more information

Credits

Tags

Sightings

Nomenclature