Session Management Flaw in OliveTin Affects Web Application Security
CVE-2026-30224

5.4MEDIUM

Key Information:

Vendor

Olivetin

Status
Olivetin
Vendor
CVE Published:
6 March 2026

What is CVE-2026-30224?

OliveTin, a web application, exposes a session management vulnerability that allows continued authentication with a session cookie even after a user has logged out. Before version 3000.11.1, the application fails to invalidate server-side sessions upon logout, meaning that the session remains active until it expires. This flaw poses a significant risk as attackers can leverage previously stolen session cookies to bypass authentication, undermining expected logout protocols. This issue has been addressed and rectified in version 3000.11.1.

Affected Version(s)

OliveTin < 3000.11.1

References

https://github.com/OliveTin/OliveTin/security/advisories/...
x_refsource_CONFIRM
https://github.com/OliveTin/OliveTin/commit/d6a0abc3755d4...
x_refsource_MISC
https://github.com/OliveTin/OliveTin/releases/tag/3000.11.1
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.