CVE-2026-28789

High CVSS: 7.5

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.3, an unauthenticated denial-of-service vulnerability exists in OliveTin’s OAuth2 login flow. Concurrent requests to /oauth/login can trigger unsynchronized access to a shared registeredStates map, causing a Go runtime panic (fatal error: concurrent map writes) and process termination. This allows remote attackers to crash the service when OAuth2 is enabled. This issue has been patched in version 3000.10.3.

Vendor

Olivetin

Product

Olivetin

CWE

CWE-362

Yayın Tarihi

2026-03-05 20:16:16

Güncelleme

2026-03-10 15:42:11

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-362 Olivetin HIGH Olivetin 2026

Referanslar

https://github.com/OliveTin/OliveTin/commit/f044d90d5525c4c8e3f421b32ed7eff771c22d36 https://github.com/OliveTin/OliveTin/security/advisories/GHSA-45m3-398w-m2m9 https://github.com/OliveTin/OliveTin/security/advisories/GHSA-45m3-398w-m2m9

Benzer Kayıtlar

High

CVE-2026-32102

OliveTin gives access to predefined shell commands from a web interface. In 3000.10.2 and earlier, OliveTin’s live Event…

High

CVE-2026-31817

OliveTin gives access to predefined shell commands from a web interface. Prior to 3000.11.2, when the saveLogs feature i…

Medium

CVE-2026-30233

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authorization fl…

High

CVE-2026-30223

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, when JWT authentica…

Medium

CVE-2026-30224

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not r…

Medium

CVE-2026-30225

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authentication c…