Memory Exhaustion Vulnerability in OliveTin by OliveTin
CVE-2026-28342

7.5 HIGH

Key Information:

Vendor

OliveTin

Status
Vendor
CVE Published:
5 March 2026

What is CVE-2026-28342?

OliveTin's PasswordHash API endpoint can be reached by unauthenticated users, and each request triggers a resource-intensive password hashing operation. Before version 3000.10.2, attackers could send numerous concurrent password hashing requests that overwhelmed the application's memory resources, potentially causing significant service degradation or even a complete denial of service. The issue arises from a lack of request throttling, authentication checks, and resource management around these hashing operations. Users are strongly encouraged to upgrade to version 3000.10.2 to mitigate this risk.
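One way to bound the cost of concurrent hashing requests like those described above, shown as an added Go example that is not OliveTin's code or the change shipped in 3000.10.2: a fixed number of hashing slots, with excess requests rejected immediately instead of queued. `Limit`, `Flood`, `ErrBusy`, the slot counts and the SHA-256 stand-in for the real password hash are all assumptions made for the illustration.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
	"sync"
)

var ErrBusy = errors.New("hashing capacity exhausted")

// Limit caps concurrent calls to hash: peak memory <= slots x memory per hash.
func Limit(slots int, hash func(string) string) func(string) (string, error) {
	sem := make(chan struct{}, slots)
	return func(pw string) (string, error) {
		select {
		case sem <- struct{}{}:
			defer func() { <-sem }() // free the slot when the hash finishes
			return hash(pw), nil
		default:
			return "", ErrBusy // fail fast; caller answers "too many requests"
		}
	}
}

// Flood sends n simultaneous requests and reports how many got a slot.
func Flood(slots, n int) (admitted, rejected int) {
	release, rejections := make(chan struct{}), make(chan error, n)
	var decided sync.WaitGroup
	decided.Add(n)
	limited := Limit(slots, func(pw string) string {
		decided.Done() // slot acquired
		<-release      // hold it, as a slow memory-hard hash would
		return fmt.Sprintf("%x", sha256.Sum256([]byte(pw))) // stand-in hash
	})
	for i := 0; i < n; i++ {
		go func() {
			if _, err := limited("constructed-sample"); err != nil {
				rejections <- err
				decided.Done() // rejected without allocating anything
			}
		}()
	}
	decided.Wait() // every request is now holding a slot or rejected
	close(release)
	return n - len(rejections), len(rejections)
}

func main() { fmt.Println(Flood(4, 100)) }
```

A limiter of this kind caps memory use but does not replace the authentication check the advisory also names as missing.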

Affected Version(s)

OliveTin < 3000.10.2

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
