[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-26060":6},{"stargazers_count":4,"fetched_at":5},6,"2026-05-22T16:08:08.064Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":19,"aliases":20,"duplicate_of":9,"upstream":23,"downstream":24,"duplicates":27,"related":28,"reserved_at":9,"published_at":30,"modified_at":31,"state":32,"summary":33,"references_raw":42,"kevs":62,"epss":63,"epss_history":66,"metrics":234,"affected":248},"CVE-2026-26060","Fleet is open source device management software. Prior to 4.81.0, a vulnerability in Fleet’s password management logic could allow previously issued password reset tokens to remain valid after a user changes their password. As a result, a stale password reset token could be reused to reset the account password even after a defensive password change. Version 4.81.0 patches the issue.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-613","Insufficient Session Expiration","According to WASC, \"Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.\"","weakness","Incomplete","Base",[],[],[21,22],"GHSA-3458-r943-hmx4","GO-2026-4888",[],[25],{"_key":26},"SUSE-SU-2026:1205-1",[],[29],{"_key":26},"2026-03-27T18:22:43.244Z","2026-03-27T19:32:38.862Z","Analyzed",{"cisa_kev":34,"cisa_ransomware":34,"cisa_vendor":9,"epss_severity":35,"epss_score":36,"severity":37,"severity_score":38,"severity_version":39,"severity_source":40,"severity_vector":41,"severity_status":32},false,"low",0.00019,"high",8.8,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",[43,53,58],{"url":44,"sources":45,"tags":48},"https://github.com/fleetdm/fleet/security/advisories/GHSA-3458-r943-hmx4",[46,40,47],"cve.org","osv_go",[49,50,51,52],"X Refsource CONFIRM","WEB","Vendor Advisory","Advisory",{"url":54,"sources":55,"tags":56},"https://github.com/fleetdm/fleet",[47],[57],"PACKAGE",{"url":59,"sources":60,"tags":61},"https://nvd.nist.gov/vuln/detail/CVE-2026-26060",[47],[52],[],{"date":64,"score":36,"percentile":65},"2026-05-22",0.05635,[67,71,74,77,80,84,88,91,94,97,100,103,106,109,112,115,118,121,124,127,130,133,135,138,141,144,147,150,153,156,159,162,166,169,172,175,178,180,183,186,189,192,195,198,201,204,207,210,213,216,219,222,225,228,231,233],{"date":68,"score":69,"percentile":70},"2026-03-28",0.00038,0.1163,{"date":72,"score":69,"percentile":73},"2026-03-29",0.11596,{"date":75,"score":69,"percentile":76},"2026-03-30",0.11568,{"date":78,"score":69,"percentile":79},"2026-03-31",0.11523,{"date":81,"score":82,"percentile":83},"2026-04-01",0.00041,0.12506,{"date":85,"score":86,"percentile":87},"2026-04-02",0.00046,0.14268,{"date":89,"score":86,"percentile":90},"2026-04-03",0.14298,{"date":92,"score":86,"percentile":93},"2026-04-04",0.14331,{"date":95,"score":86,"percentile":96},"2026-04-05",0.14311,{"date":98,"score":86,"percentile":99},"2026-04-06",0.14155,{"date":101,"score":86,"percentile":102},"2026-04-07",0.14139,{"date":104,"score":86,"percentile":105},"2026-04-08",0.14221,{"date":107,"score":86,"percentile":108},"2026-04-09",0.14274,{"date":110,"score":86,"percentile":111},"2026-04-10",0.14263,{"date":113,"score":86,"percentile":114},"2026-04-11",0.14222,{"date":116,"score":86,"percentile":117},"2026-04-12",0.14182,{"date":119,"score":86,"percentile":120},"2026-04-13",0.14125,{"date":122,"score":86,"percentile":123},"2026-04-14",0.13994,{"date":125,"score":86,"percentile":126},"2026-04-15",0.14024,{"date":128,"score":86,"percentile":129},"2026-04-16",0.14015,{"date":131,"score":86,"percentile":132},"2026-04-17",0.14014,{"date":134,"score":86,"percentile":132},"2026-04-18",{"date":136,"score":86,"percentile":137},"2026-04-19",0.1397,{"date":139,"score":86,"percentile":140},"2026-04-20",0.13948,{"date":142,"score":86,"percentile":143},"2026-04-21",0.14092,{"date":145,"score":86,"percentile":146},"2026-04-22",0.14151,{"date":148,"score":86,"percentile":149},"2026-04-23",0.14166,{"date":151,"score":86,"percentile":152},"2026-04-24",0.14132,{"date":154,"score":86,"percentile":155},"2026-04-25",0.14123,{"date":157,"score":86,"percentile":158},"2026-04-26",0.14108,{"date":160,"score":86,"percentile":161},"2026-04-27",0.14088,{"date":163,"score":164,"percentile":165},"2026-04-28",0.00053,0.1645,{"date":167,"score":164,"percentile":168},"2026-04-29",0.16452,{"date":170,"score":164,"percentile":171},"2026-04-30",0.16422,{"date":173,"score":164,"percentile":174},"2026-05-01",0.16405,{"date":176,"score":164,"percentile":177},"2026-05-02",0.16436,{"date":179,"score":164,"percentile":174},"2026-05-03",{"date":181,"score":164,"percentile":182},"2026-05-04",0.16339,{"date":184,"score":164,"percentile":185},"2026-05-05",0.16321,{"date":187,"score":164,"percentile":188},"2026-05-06",0.16316,{"date":190,"score":164,"percentile":191},"2026-05-07",0.16439,{"date":193,"score":164,"percentile":194},"2026-05-08",0.16475,{"date":196,"score":164,"percentile":197},"2026-05-09",0.16546,{"date":199,"score":164,"percentile":200},"2026-05-10",0.16531,{"date":202,"score":164,"percentile":203},"2026-05-11",0.16511,{"date":205,"score":164,"percentile":206},"2026-05-12",0.16544,{"date":208,"score":164,"percentile":209},"2026-05-13",0.1657,{"date":211,"score":164,"percentile":212},"2026-05-14",0.16615,{"date":214,"score":164,"percentile":215},"2026-05-15",0.16614,{"date":217,"score":164,"percentile":218},"2026-05-16",0.16626,{"date":220,"score":164,"percentile":221},"2026-05-17",0.16604,{"date":223,"score":164,"percentile":224},"2026-05-18",0.16556,{"date":226,"score":164,"percentile":227},"2026-05-19",0.16534,{"date":229,"score":164,"percentile":230},"2026-05-20",0.16545,{"date":232,"score":164,"percentile":227},"2026-05-21",{"date":64,"score":36,"percentile":65},[235,239,246],{"source":46,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":236},{"baseScore":4,"baseSeverity":237,"vectorString":238,"impactScore":9,"exploitabilityScore":9},"MEDIUM","CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",{"source":40,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":240,"cvss_v4_0":244},{"baseScore":38,"baseSeverity":241,"vectorString":41,"impactScore":242,"exploitabilityScore":243},"HIGH",9.8,7.2,{"baseScore":4,"baseSeverity":237,"vectorString":245,"impactScore":9,"exploitabilityScore":9},"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",{"source":47,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":247},{"baseScore":4,"baseSeverity":9,"vectorString":238,"impactScore":9,"exploitabilityScore":9},[249,260],{"ecosystem":9,"name":250,"vendor":251,"product":250,"cpe_part":252,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":253},"fleet","fleetdm","a",[254],{"version":255,"is_range":256,"range_type":257,"version_start":9,"version_start_type":9,"version_end":258,"version_end_type":259,"fixed_in":9},"lt4.81.0",true,"cpe","4.81.0","excluding",{"ecosystem":261,"name":262,"vendor":263,"product":264,"cpe_part":9,"purl_type":265,"purl_namespace":263,"purl_name":264,"source":9,"versions":266},"Go","github.com/fleetdm/fleet/v4","github.com/fleetdm/fleet","v4","golang",[267,271],{"version":268,"is_range":256,"range_type":269,"version_start":9,"version_start_type":9,"version_end":270,"version_end_type":259,"fixed_in":9},"lt4_43_5_0_20260113202849_bbc1aef2987d","semver","4.43.5-0.20260113202849-bbc1aef2987d",{"version":272,"is_range":256,"range_type":269,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"all"]