Access Control Vulnerability in OliveTin Web Interface
CVE-2026-30223
8.8HIGH
What is CVE-2026-30223?
The OliveTin web application prior to version 3000.11.1 exhibits a vulnerability related to JWT authentication. When configured with either a local RSA public key or HMAC secret, the application fails to enforce the audience value during token parsing. This allows unauthorized access if validly signed JWT tokens containing an incorrect audience claim are used. Users are encouraged to upgrade to version 3000.11.1 to mitigate this risk.
Affected Version(s)
OliveTin < 3000.11.1