CVE-2026-27465

Medium
CWE-201 — Weakness Type
Published: Feb 26, 2026  ·  Modified: Mar 5, 2026  ·  Source: NVD
CVSS v3
6.5
📄 Description (English)

Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s configuration API could expose Google Calendar service account credentials to authenticated users with low-privilege roles. This may allow unauthorized access to Google Calendar resources associated with the service account. Fleet returns configuration data through an API endpoint that is accessible to authenticated users, including those with the lowest-privilege “Observer” role. In affected versions, Google Calendar service account credentials were not properly obfuscated before being returned. As a result, a low-privilege user could retrieve the service account’s private key material. Depending on how the Google Calendar integration is configured, this could allow unauthorized access to calendar data or other Google Workspace resources associated with the service account. This issue does not allow escalation of privileges within Fleet or access to device management functionality. Version 4.80.1 patches the issue. If an immediate upgrade is not possible, administrators should remove the Google Calendar integration from Fleet and rotate the affected Google service account credentials.

🤖 AI Executive Summary

Fleet device management software versions prior to 4.80.1 expose Google Calendar service account credentials to low-privilege authenticated users through an unobfuscated API endpoint. This vulnerability allows unauthorized access to Google Workspace resources associated with the compromised service account. While not enabling privilege escalation within Fleet itself, the credential exposure poses significant risk to organizations using Google Calendar integration for scheduling and collaboration.

🤖 AI Intelligence Analysis Analyzed: May 12, 2026 12:28
🇸🇦 Saudi Arabia Impact Assessment
Saudi organizations using Fleet for device management with Google Calendar integration are at risk, particularly: (1) Government agencies and ministries relying on Google Workspace for inter-departmental scheduling; (2) Banking sector institutions using Fleet for endpoint management with integrated calendar systems; (3) Healthcare organizations (MOH, private hospitals) using Fleet with Google Calendar for appointment scheduling; (4) Telecommunications companies (STC, Mobily) managing device fleets with calendar integrations; (5) Large enterprises with distributed teams using Google Workspace. The exposure of service account credentials could lead to unauthorized access to sensitive scheduling data, meeting details, and potentially other Google Workspace resources, compromising organizational confidentiality.
🏢 Affected Saudi Sectors
Government Banking Healthcare Telecommunications Energy Enterprise/Large Organizations
⚖️ Saudi Risk Score (AI)
6.8 / 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Audit all users with Observer or higher roles who have accessed Fleet configuration APIs in the past 30 days
2. Immediately rotate the Google Calendar service account credentials used with Fleet
3. Review Google Calendar audit logs for unauthorized access attempts
4. Disable Google Calendar integration in Fleet until patching is completed

PATCHING GUIDANCE:
1. Upgrade Fleet to version 4.80.1 or later as soon as possible
2. Test the upgrade in a non-production environment first
3. Verify that API responses no longer contain exposed credentials after upgrade

COMPENSATING CONTROLS (if immediate upgrade not possible):
1. Remove Google Calendar integration from Fleet configuration
2. Implement network-level access controls restricting API endpoint access to authorized administrators only
3. Enable API request logging and monitoring for configuration endpoint access
4. Implement IP whitelisting for Fleet API access
5. Enforce multi-factor authentication for all Fleet users

DETECTION RULES:
1. Monitor for API calls to /api/v1/fleet/config or similar configuration endpoints from low-privilege users
2. Alert on any API responses containing 'private_key' or 'service_account' strings
3. Track Google Calendar API authentication failures or unusual access patterns
4. Monitor for credential extraction patterns in API logs
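A post-upgrade check for patching step 3 and the 'private_key' detection rule above, added here as an example and not Fleet's own code: it walks a saved config API response (fetch it separately with an Observer-role token) and reports every field still carrying live key material, including keys embedded inside a JSON-encoded string value. The `integrations.google_calendar[].api_key_json` shape, the `********` redaction marker, and both sample responses are assumptions constructed for the example.

```python
"""Flag unredacted service-account key material in a Fleet config response."""
import json
import re

PEM_KEY = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")
SENSITIVE_KEYS = {"private_key", "client_secret", "password", "api_key"}
REDACTED = "********"  # assumed marker Fleet uses for obfuscated secrets


def _walk(node, path=""):
    """Yield (path, value) for every leaf; a string holding JSON is parsed
    and walked too, so a service-account blob stored as text is not missed."""
    if isinstance(node, dict):
        for key, val in node.items():
            yield from _walk(val, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, val in enumerate(node):
            yield from _walk(val, f"{path}[{i}]")
    else:
        if isinstance(node, str) and node.lstrip().startswith("{"):
            try:
                yield from _walk(json.loads(node), path + "(json)")
                return
            except ValueError:
                pass  # not JSON after all; treat as a plain string
        yield path, node


def find_exposed_secrets(config) -> list:
    """Return JSON paths whose value is a non-redacted sensitive field or any
    string containing a PEM private-key header (catches odd field names)."""
    findings = []
    for path, value in _walk(config):
        if not isinstance(value, str) or value in ("", REDACTED):
            continue
        leaf = path.rsplit(".", 1)[-1]
        if leaf in SENSITIVE_KEYS or PEM_KEY.search(value):
            findings.append(path)
    return findings


# Constructed samples: an affected version leaking the key, and a patched one.
_SA = {"type": "service_account", "client_email": "cal@example.iam.gserviceaccount.com"}
VULNERABLE = {"integrations": {"google_calendar": [{"domain": "example.com",
    "api_key_json": json.dumps({**_SA, "private_key":
        "-----BEGIN PRIVATE KEY-----\nMIIEvQ...\n-----END PRIVATE KEY-----\n"})}]},
    "smtp_settings": {"password": REDACTED}}
PATCHED = {"integrations": {"google_calendar": [{"domain": "example.com",
    "api_key_json": json.dumps({**_SA, "private_key": REDACTED})}]}}

if __name__ == "__main__":
    print("affected :", find_exposed_secrets(VULNERABLE))
    print("patched  :", find_exposed_secrets(PATCHED))
```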
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
5.1.1 - Access Control and Authentication
5.2.1 - Information Security Policies
5.3.1 - Cryptographic Controls
5.4.1 - Audit and Accountability
🔵 SAMA CSF
ID.AM-1 - Asset Management
PR.AC-1 - Access Control
PR.DS-1 - Data Security
DE.AE-1 - Anomalies and Events
🟡 ISO 27001:2022
A.5.1.1 - Policies for information security
A.6.1.1 - Information security roles and responsibilities
A.8.1.1 - User endpoint devices
A.9.1.1 - Access control policy
A.9.2.1 - User registration and de-registration
A.9.4.1 - Password management
A.10.1.1 - Cryptography policy
🟣 PCI DSS v4.0.1
Requirement 1 - Firewall configuration
Requirement 2 - Default passwords and security parameters
Requirement 6 - Secure development and vulnerability management
Requirement 7 - Restrict access to data by business need
Requirement 8 - User identification and authentication
📦 Affected Products / CPE 1 entries
fleetdm:fleet
📊 CVSS Score
6.5 / 10.0 — Medium
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector (AV:N) — Network
Attack Complexity (AC:L) — Low
Privileges Required (PR:L) — Low
User Interaction (UI:N) — None
Scope (S:U) — Unchanged
Confidentiality (C:H) — High
Integrity (I:N) — None
Availability (A:N) — None
📋 Quick Facts
Severity: Medium
CVSS Score: 6.5
CWE: CWE-201
Exploit: No
Patch: ✗ No
Published: 2026-02-26
Source Feed: nvd
🇸🇦 Saudi Risk Score
6.8 / 10.0 — Saudi Risk
Priority: HIGH
🏷️ Tags
CWE-201