Vulnerability Details CVE-2026-32102
OliveTin gives access to predefined shell commands from a web interface. In 3000.10.2 and earlier, OliveTin’s live EventStream broadcasts execution events and action output to authenticated dashboard subscribers without enforcing per-action authorization. A low-privileged authenticated user can receive output from actions they are not allowed to view, resulting in broken access control and sensitive information disclosure.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 16.6%
CVSS Severity
CVSS v3 Score 6.5