Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

OliveTin — Vulnerabilities & Security Advisories 10

Browse all 10 CVE security advisories affecting OliveTin. AI-powered Chinese analysis, POCs, and references for each vulnerability.

OliveTin serves as a web-based UI for command-line tools, primarily used for automating system administration tasks. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and insecure default configurations. The application's exposure of system commands through web interfaces creates inherent risks, with several CVEs highlighting insufficient access controls and unsafe command execution. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities in similar web-to-command interfaces underscores the importance of proper hardening and access restrictions for deployments handling sensitive operations.

Top products by OliveTin: OliveTin
CVE IDTitleCVSSSeverityPublished
CVE-2026-32102 OliveTin Unauthorized Action Output Disclosure via EventStream — OliveTinCWE-284 8.8AIHighAI2026-03-11
CVE-2026-31817 OliveTin's unsafe parsing of UniqueTrackingId can be used to write files — OliveTinCWE-22 8.5 High2026-03-10
CVE-2026-30233 OliveTin: View permission not being checked when returning dashboards — OliveTinCWE-200 6.5 Medium2026-03-06
CVE-2026-30225 OliveTin: RestartAction always runs actions as guest — OliveTinCWE-441 5.3 Medium2026-03-06
CVE-2026-30223 OliveTin: JWT Audience Validation Bypass in Local Key and HMAC Modes — OliveTinCWE-287 8.8 High2026-03-06
CVE-2026-30224 OliveTin: Session Fixation - Logout Fails to Invalidate Server-Side Session — OliveTinCWE-384 5.4 Medium2026-03-06
CVE-2026-28790 OliveTin: Unauthenticated Action Termination via KillAction When Guests Must Login — OliveTinCWE-284 7.5 High2026-03-05
CVE-2026-28789 OliveTin: Unauthenticated DoS via concurrent map writes in OAuth2 state handling — OliveTinCWE-362 7.5 High2026-03-05
CVE-2026-28342 OliveTin: Unauthenticated Denial of Service via Memory Exhaustion in PasswordHash API Endpoint — OliveTinCWE-770 7.5 High2026-03-05
CVE-2026-27626 OliveTin vulnerable to OS Command Injection via `password` argument type and webhook JSON extraction bypasses shell safety checks — OliveTinCWE-78 10.0 Critical2026-02-25

This page lists every published CVE security advisory associated with OliveTin. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.