CVE-2026-32102
HIGH SEVERITYCVSS Score & Metrics
Base Score
6.5 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Description
OliveTin gives access to predefined shell commands from a web interface. In 3000.10.2 and earlier, OliveTin’s live EventStream broadcasts execution events and action output to authenticated dashboard subscribers without enforcing per-action authorization. A low-privileged authenticated user can receive output from actions they are not allowed to view, resulting in broken access control and sensitive information disclosure.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-284
Source
NVD
Vendor
OliveTin
Product
OliveTin
Discussion (0)
Add Comment
No comments yet. Be the first!