Directory Traversal Vulnerability in OliveTin Web Interface
CVE-2026-31817

8.5 HIGH

Key Information:

Vendor: Olivetin

Status
Vendor
CVE Published: 10 March 2026

What is CVE-2026-31817?

The OliveTin web application contains a directory traversal vulnerability in the StartAction API: the user-supplied UniqueTrackingId is used without proper input validation or sanitization. When the saveLogs feature is enabled, an attacker who manipulates this value can cause unauthorized file writes to arbitrary locations on the filesystem. Users are strongly encouraged to update to version 3000.11.2 or later to mitigate this risk.
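The class of check that closes this kind of flaw, as an added Go example (not OliveTin's code and not the project's actual fix): a client-supplied tracking ID is allow-listed and the resulting log path is confirmed to stay inside the log directory before anything is written. The function name `SafeLogPath`, the ID pattern, the `.log` suffix and the directory are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// Assumed allow-list for tracking IDs: letters, digits, '-' and '_' only.
var trackingIDPattern = regexp.MustCompile(`^[A-Za-z0-9_-]{1,64}$`)

var ErrUnsafeTrackingID = errors.New("unsafe tracking id")

// SafeLogPath (hypothetical helper) builds the log file path for a
// client-supplied tracking ID and rejects any value that is not a plain
// identifier or that would resolve outside logDir.
func SafeLogPath(logDir, trackingID string) (string, error) {
	// First line of defence: reject separators, dots and empty values outright.
	if !trackingIDPattern.MatchString(trackingID) {
		return "", ErrUnsafeTrackingID
	}
	base, err := filepath.Abs(logDir)
	if err != nil {
		return "", err
	}
	candidate := filepath.Join(base, trackingID+".log")
	// Second line of defence: the cleaned path must still be under base,
	// even if the allow-list above is loosened later.
	rel, err := filepath.Rel(base, candidate)
	if err != nil || rel == ".." || filepath.IsAbs(rel) ||
		strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrUnsafeTrackingID
	}
	return candidate, nil
}

func main() {
	// Constructed sample inputs: one well-formed ID and several malformed ones.
	ids := []string{"3f2a9c1e-77b4-4c0a-9d1e-5b6a7c8d9e0f", "../../tmp/x", "/abs/path", "a/b", ""}
	for _, id := range ids {
		p, err := SafeLogPath("/var/log/olivetin-example", id)
		fmt.Printf("%q -> %q, err=%v\n", id, p, err)
	}
}
```

Rejected requests are worth logging with the caller's identity, since a tracking ID containing path separators has no legitimate use.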

Affected Version(s)

OliveTin < 3000.11.2

CVSS V3.1

Score: 8.5
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
