Back to CVE List

CVE-2026-32102

HIGH SEVERITY

CVSS Score & Metrics

Base Score
6.5 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Vulnerability Description

OliveTin gives access to predefined shell commands from a web interface. In 3000.10.2 and earlier, OliveTin’s live EventStream broadcasts execution events and action output to authenticated dashboard subscribers without enforcing per-action authorization. A low-privileged authenticated user can receive output from actions they are not allowed to view, resulting in broken access control and sensitive information disclosure.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-284
Source
NVD
Vendor
OliveTin
Product
OliveTin

External References

Discussion (0)

Add Comment

No comments yet. Be the first!