cbcvebase.
CVE-2026-31817
published 2026-03-10


Priority: P2 (61)
Severity: high (CVSS 3.1 base score 8.5)
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L
EPSS: 0.71% (49.0th percentile)
OliveTin gives access to predefined shell commands from a web interface. Prior to 3000.11.2, when the saveLogs feature is enabled, OliveTin persists execution log entries to disk. The filename used for these log files is constructed in part from the user-supplied UniqueTrackingId field in the StartAction API request. This value is not validated or sanitized before being used in a file path, allowing an attacker to use directory traversal sequences (e.g., ../../../) to write files to arbitrary locations on the filesystem. This vulnerability is fixed in 3000.11.2.

Affected (2 ranges)

Vendor      Product             Version range                                  Fixed in
github.com  olivetin/olivetin   >= 0, < 0.0.0-20260309102040-b03af0e2eca3      0.0.0-20260309102040-b03af0e2eca3
olivetin    olivetin            < 3000.11.2                                    3000.11.2

Detection & IOCs (extracted from sources)

path: ../../../
  • Monitor StartAction API requests containing directory traversal sequences (e.g., '../') in the UniqueTrackingId field
  • Alert on unexpected file creation outside the designated OliveTin log directory, particularly when the saveLogs feature is enabled
  • The path traversal vulnerability is only exploitable when the saveLogs feature is explicitly enabled in the OliveTin configuration
  • Affected package is github.com/olivetin/olivetin; versions prior to 3000.11.2 are vulnerable
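The following Go block is an added illustration (not OliveTin's code) of the flaw described above and of the detection check in the IOC list: an unsafe path builder that splices UniqueTrackingId straight into the log filename, a hardened builder that allowlists the id and confirms the result stays under the log directory, and a request-side check that flags traversal sequences. The log directory, the `.json` suffix and the allowed id character set are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// ErrBadTrackingID: the UniqueTrackingId cannot safely become part of a filename.
var ErrBadTrackingID = errors.New("unique tracking id rejected")
// Assumption: a tracking id is an opaque token of letters, digits, '-' and '_'
// (an allowlist chosen for this example; OliveTin's real format may differ).
var trackingIDPattern = regexp.MustCompile(`^[A-Za-z0-9_-]{1,128}$`)

// LogFilePathUnsafe mirrors the flaw in the advisory: the id goes straight into
// the path, so an id of "../../../tmp/x" resolves to a file outside logDir.
func LogFilePathUnsafe(logDir, trackingID string) string {
	return filepath.Join(logDir, trackingID+".json")
}

// LogFilePathSafe is the hardened variant: allowlist the id's characters, then
// confirm the cleaned result still lies below logDir (defence in depth).
func LogFilePathSafe(logDir, trackingID string) (string, error) {
	if !trackingIDPattern.MatchString(trackingID) {
		return "", ErrBadTrackingID
	}
	base := filepath.Clean(logDir)
	full := filepath.Join(base, trackingID+".json")
	rel, err := filepath.Rel(base, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrBadTrackingID
	}
	return full, nil
}

// HasTraversal is the detection-side check from the IOC list: flag a
// StartAction request whose UniqueTrackingId carries ".." or a path separator.
func HasTraversal(trackingID string) bool {
	return strings.Contains(trackingID, "..") || strings.ContainsAny(trackingID, `/\`)
}

func main() {
	for _, id := range []string{"run-42", "../../../tmp/x"} { // constructed sample ids
		p, err := LogFilePathSafe("/var/log/olivetin", id)
		fmt.Printf("%-16s unsafe=%s safe=%q err=%v flagged=%v\n",
			id, LogFilePathUnsafe("/var/log/olivetin", id), p, err, HasTraversal(id))
	}
}
```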