{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2026-22808","title":"Title"},{"category":"description","text":"fleetdm/fleet is open source device management software. Prior to versions 4.78.2, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, if Windows MDM is enabled, an unauthenticated attacker can exploit this XSS vulnerability to steal a Fleet administrator's authentication token (FLEET::auth_token) from localStorage. This could allow unauthorized access to Fleet, including administrative access, visibility into device data, and modification of configuration. Versions 4.78.2, 4.77.1, 4.76.2, 4.75.2, and 4.53.3 fix the issue. If an immediate upgrade is not possible, affected Fleet users should temporarily disable Windows MDM.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2026-22808","url":"https://www.suse.com/security/cve/CVE-2026-22808"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"Advisory link for SUSE-SU-2026:0403-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2026-February/024084.html"}],"title":"SUSE CVE CVE-2026-22808","tracking":{"current_release_date":"2026-02-20T00:25:49Z","generator":{"date":"2026-02-07T00:25:50Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2026-22808","initial_release_date":"2026-02-07T00:25:50Z","revision_history":[{"date":"2026-02-07T00:25:50Z","number":"2","summary":"references added,severity changed from  to not set"},{"date":"2026-02-10T00:25:21Z","number":"3","summary":"references added"},{"date":"2026-02-20T00:25:49Z","number":"4","summary":"severity changed from not set to moderate"}],"status":"interim","version":"4"}}}