Authorization Flaw in OliveTin Web Interface Affects Multiple Users
CVE-2026-30233
6.5 MEDIUM
What is CVE-2026-30233?
OliveTin contains an authorization flaw that allows authenticated users with inadequate permissions to access sensitive action bindings and metadata through the web dashboard and API endpoints. While these users are restricted from executing commands, the backend does not properly enforce view permissions, leading to the potential exposure of action titles, IDs, icons, and underlying argument metadata. This vulnerability has been addressed in version 3000.11.1, which ensures more stringent permission checks.
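The gap described above, shown as an added Go example that is not OliveTin's own code: one listing function returns every action binding regardless of view permission, and a second filters server-side with default deny. The `Action` and `ACL` types, the function names and the sample actions are hypothetical and constructed for illustration.

```go
package main

import "fmt"

// Action is a hypothetical binding record, not OliveTin's own structure.
type Action struct {
	ID, Title, Icon string
	Arguments       []string // argument metadata shown on the dashboard
}

// ACL holds separate view and exec grants per action ID for one user (assumed model).
type ACL struct {
	View map[string]bool
	Exec map[string]bool
}

// ListActionsUnfiltered mirrors the flaw: every binding is returned to the
// caller, and only execution is gated elsewhere.
func ListActionsUnfiltered(all []Action, _ ACL) []Action {
	return all
}

// ListActionsFiltered enforces view permission in the backend before any
// metadata is serialized. A missing ACL entry reads as false, so it denies.
func ListActionsFiltered(all []Action, acl ACL) []Action {
	visible := make([]Action, 0, len(all))
	for _, a := range all {
		if acl.View[a.ID] {
			visible = append(visible, a)
		}
	}
	return visible
}

// SampleActions returns constructed sample data.
func SampleActions() []Action {
	return []Action{
		{ID: "restart_db", Title: "Restart database", Icon: "db", Arguments: []string{"instance"}},
		{ID: "ping_host", Title: "Ping host", Icon: "ping", Arguments: []string{"hostname"}},
	}
}

func main() {
	// Constructed user: may view and run ping_host only.
	acl := ACL{View: map[string]bool{"ping_host": true}, Exec: map[string]bool{"ping_host": true}}
	fmt.Println("unfiltered:", len(ListActionsUnfiltered(SampleActions(), acl)))
	fmt.Println("filtered:  ", len(ListActionsFiltered(SampleActions(), acl)))
}
```

A regression test for this class of bug should assert on the listing response itself for a user without view rights, since a blocked execution attempt passes even when the metadata still leaks.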
Affected Version(s)
OliveTin < 3000.11.1
