What is CVE-2026-48709?

CVE-2026-48709 is a low-severity vulnerability in Olivetin, classified under Missing Authorization. CVSS score: 3.7/10. Published 2026-06-15.

How severe is CVE-2026-48709?

Low severity. CVSS v3 base score is 3.7 out of 10.

Auth bypass in Olivetin

CVE-2026-48709

OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, The ValidateArgumentType RPC endpoint in service/internal/api/api.go does not perform any authentication or authorization checks. Unli…

Vulnerability class: Broken Access Control

CVSS v3 metric

CVSS v3 base score 3.7 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Olivetin — versions < 3000.13.0

Weakness classification (CWE)

CWE-862 — Missing Authorization

References

https://github.com/OliveTin/OliveTin/security/advisories/GHSA-f637-w7p2-m7fx (x_refsource_CONFIRM)
https://github.com/OliveTin/OliveTin/releases/tag/3000.13.0 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-48709?: CVE-2026-48709 is a low-severity vulnerability in Olivetin, classified under Missing Authorization. CVSS score: 3.7/10. Published 2026-06-15.
How severe is CVE-2026-48709?: Low severity. CVSS v3 base score is 3.7 out of 10.