Auth bypass in OliveTin
CVE-2026-32102
OliveTin gives access to predefined shell commands from a web interface. In 3000.10.2 and earlier, OliveTin’s live EventStream broadcasts execution events and action output to authenticated dashboard subscribers without enforcing per-actio…
EPSS: 0.000 (7.1th percentile)
Affected products
- Olivetin — versions < 3000.10.2
Weakness classification (CWE)
References
- https://github.com/OliveTin/OliveTin/security/advisories/GHSA-228v-wc5r-j8m7 (x_refsource_CONFIRM)