VYPR
High severityNVD Advisory· Published Mar 11, 2026· Updated Mar 12, 2026

OliveTin Unauthorized Action Output Disclosure via EventStream

CVE-2026-32102

Description

OliveTin gives access to predefined shell commands from a web interface. In 3000.10.2 and earlier, OliveTin’s live EventStream broadcasts execution events and action output to authenticated dashboard subscribers without enforcing per-action authorization. A low-privileged authenticated user can receive output from actions they are not allowed to view, resulting in broken access control and sensitive information disclosure.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/OliveTin/OliveTinGo
< 3000.10.23000.10.2

Affected products

3

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.