CVE-2026-32102
OliveTin Unauthorized Action Output Disclosure via EventStream
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
OliveTin gives access to predefined shell commands from a web interface. In 3000.10.2 and earlier, OliveTin’s live EventStream broadcasts execution events and action output to authenticated dashboard subscribers without enforcing per-action authorization. A low-privileged authenticated user can receive output from actions they are not allowed to view, resulting in broken access control and sensitive information disclosure.
| CWE | CWE-284 CWE-863 |
| Vendor | olivetin |
| Product | olivetin |
| Published | Mar 11, 2026 |
| Last Updated | Mar 12, 2026 |
Stay Ahead of the Next One
Get instant alerts for olivetin olivetin
Be the first to know when new unknown vulnerabilities affecting olivetin olivetin are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
OliveTin / OliveTin
< 3000.10.2