CVE-2026-30223
📋 TL;DR
This vulnerability in OliveTin allows authentication bypass when JWT authentication is configured. Attackers can use validly signed JWT tokens intended for different audiences to gain unauthorized access to the web interface. This affects all OliveTin deployments using JWT authentication prior to version 3000.11.1.
💻 Affected Systems
- OliveTin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the OliveTin instance allowing execution of arbitrary shell commands configured in the interface, potentially leading to full system takeover.
Likely Case
Unauthorized users gain access to execute predefined shell commands through the web interface, potentially leading to data exposure, system modification, or lateral movement.
If Mitigated
With proper network segmentation and limited shell command permissions, impact is reduced to the specific commands available in the OliveTin configuration.
🎯 Exploit Status
Exploitation requires a valid JWT token signed with the correct key/secret but with incorrect audience claim. Attackers need access to valid tokens from other services using the same signing key.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3000.11.1
Vendor Advisory: https://github.com/OliveTin/OliveTin/security/advisories/GHSA-g962-2j28-3cg9
Restart Required: Yes
Instructions:
1. Backup current configuration. 2. Stop OliveTin service. 3. Update to version 3000.11.1 or later. 4. Restart OliveTin service. 5. Verify functionality.
🔧 Temporary Workarounds
Disable JWT Authentication
allTemporarily disable JWT authentication and use alternative authentication methods
Edit OliveTin configuration to remove authJwtPubKeyPath or authJwtHmacSecret settings
Network Isolation
allRestrict network access to OliveTin web interface
Configure firewall rules to limit access to trusted IP addresses only
🧯 If You Can't Patch
- Implement strict network access controls to limit who can reach the OliveTin web interface
- Review and minimize the shell commands available in OliveTin configuration to reduce attack surface
🔍 How to Verify
Check if Vulnerable:
Check OliveTin version and JWT configuration. If version < 3000.11.1 and using JWT authentication, the system is vulnerable.Check Version:
olivetin --versionVerify Fix Applied:
After updating to 3000.11.1 or later, test authentication with JWT tokens containing incorrect audience claims - they should be rejected.📡 Detection & Monitoring
Log Indicators:
- Failed authentication attempts with JWT tokens
- Successful authentications from unexpected sources
- Audit logs showing JWT token validation failures
Network Indicators:
- Unusual authentication patterns to OliveTin web interface
- Requests with JWT tokens from unexpected sources
SIEM Query:
source="olivetin" AND (event_type="authentication" AND result="success") | stats count by src_ip, user