CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-28789

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.3, an unauthenticated denial-of-service vulnerability exists in OliveTin’s OAuth2 login flow. Concurrent requests to /oauth/login can trigger unsynchronized access to a shared registeredStates map, causing a Go runtime panic (fatal error: concurrent map writes) and process termination. This allows remote attackers to crash the service when OAuth2 is enabled. This issue has been patched in version 3000.10.3.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 25.3%

CVSS Severity

CVSS v3 Score 7.5

References

https://github.com/OliveTin/OliveTin/commit/f044d90d5525c4c8e3f421b32ed7eff771c22d36
https://github.com/OliveTin/OliveTin/security/advisories/GHSA-45m3-398w-m2m9
https://github.com/OliveTin/OliveTin/security/advisories/GHSA-45m3-398w-m2m9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-28789

Products

Pricing

Contact Us