CVE-2026-32102

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-32102

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32102.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-32102

Aliases

Downstream

SUSE-SU-2026:1042-1

Related

SUSE-SU-2026:1042-1

Published

2026-03-11T20:05:16.164Z

Modified

2026-04-10T05:42:19.477109Z

Severity

7.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator

Summary

OliveTin Unauthorized Action Output Disclosure via EventStream

Details

OliveTin gives access to predefined shell commands from a web interface. In 3000.10.2 and earlier, OliveTin’s live EventStream broadcasts execution events and action output to authenticated dashboard subscribers without enforcing per-action authorization. A low-privileged authenticated user can receive output from actions they are not allowed to view, resulting in broken access control and sensitive information disclosure.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32102.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-284",
        "CWE-863"
    ]
}

References

Affected packages

Git / github.com/olivetin/olivetin

Affected ranges

Type: GIT
Repo: https://github.com/olivetin/olivetin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

2eb5f0ba79d4bbef3c802bf8b4666a7e18dcfd90

Affected versions

2021-05-19.*

2021-05-19.28

2021-05-24.*

2021-05-24.f44

Other

2021-05-25

2021-05-28

2021-07-16

2021-07-19

2021-11-17

2021-11-17-2

2021-11-19

2022-01-06

2022-04-07

2022-10-19

2021-11-02.*

2021-11-02.alpha1-task-arguments

2022.*

2022.11.11

2022.11.14

2023.*

2023.02.16

2023.03.22

2023.03.24

2023.03.24-2

2023.03.24-3

2023.03.24-4

2023.03.25

2023.10.09

2023.10.12

2023.10.24

2023.10.25

2023.12.1

2023.12.17

2023.12.20

2023.12.21

2024.*

2024.02.01

2024.02.27

2024.02.28

2024.03.01

2024.03.05

2024.03.06

2024.03.08

2024.03.081

2024.03.24

2024.04.021

2024.04.09

2024.04.11

2024.04.14

2024.04.18

2024.04.20

2024.04.26

2024.04.261

2024.04.28

2024.05.13

2024.05.24

2024.05.27

2024.05.31

2024.05.51

2024.06.01

2024.06.02

2024.06.04

2024.07.03

2024.07.06

2024.07.07

2024.07.13

2024.07.15

2024.07.152

2024.07.153

2024.07.16

2024.08.14

2024.08.25

2024.08.31

2024.09.02

2024.09.10

2024.09.11

2024.09.16

2024.10.01

2024.10.02

2024.10.14

2024.10.17

2024.10.18

2024.10.26

2024.10.27

2024.11.02

2024.11.09

2024.11.18

2024.11.24

2024.12.11

2025.*

2025.2.19

2025.2.21

2025.3.23

2025.3.28

2025.4.14

2025.4.21

2025.4.22

2025.4.8

2025.5.26

2025.6.1

2025.6.22

2025.6.6

2025.7.13

2025.7.19

3000.*

3000.0.0

3000.0.1

3000.0.2

3000.1.0

3000.1.1

3000.1.2

3000.10.0

3000.10.1

3000.2.0

3000.2.1

3000.3.0

3000.3.1

3000.3.2

3000.4.0

3000.5.0

3000.6.0

3000.7.0

3000.8.0

3000.9.0

3000.9.1

3000.9.4

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32102.json"