CVE-2026-28790 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.0, OliveTin allows an unauthenticated guest to terminate runni…
High CVSS: 7.5

CVE-2026-28790

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.0, OliveTin allows an unauthenticated guest to terminate running actions through KillAction even when authRequireGuestsToLogin: true is enabled. Guests are correctly blocked from dashboard access, but can still call the KillAction RPC directly and successfully stop a running action. This is a broken access control issue that causes unauthorized denial of service against legitimate action executions. This issue has been patched in version 3000.11.0.
Vendor
Olivetin
Product
Olivetin
CWE
CWE-284
Yayın Tarihi
2026-03-05 20:16:16
Güncelleme
2026-03-10 15:29:58
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-284 Olivetin HIGH Olivetin 2026

Referanslar

https://github.com/OliveTin/OliveTin/commit/d9804182eae43cf49f735e6533ddbe1541c2b9a9 https://github.com/OliveTin/OliveTin/releases/tag/3000.11.0 https://github.com/OliveTin/OliveTin/security/advisories/GHSA-4fqm-6fmh-82mq https://github.com/OliveTin/OliveTin/security/advisories/GHSA-4fqm-6fmh-82mq