CVE-2026-30225
📋 TL;DR
CVE-2026-30225 is an authentication context confusion vulnerability in OliveTin that allows low-privileged authenticated users to bypass ACL restrictions and execute arbitrary shell commands they shouldn't have permission to run. This occurs because the RestartAction function creates a new internal request without preserving authentication context, causing the system to fall back to guest permissions. All OliveTin instances with guest accounts having broader permissions than authenticated users are affected.
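The mechanism described above, as an added illustration in Go (OliveTin's language) that is not OliveTin's own code: a request context carrying the authenticated user, a guest fallback when no user is present, and a RestartAction-style helper shown in the flawed form that rebuilds the internal request from a fresh context beside the fixed form that propagates the caller's identity. The names Principal, ACL, restartVulnerable and restartFixed, and the sample ACL, are constructed for this illustration.

```go
package main

import (
	"context"
	"fmt"
)

type (
	Principal struct{ Username, Group string } // identity on an authenticated request
	ctxKey    struct{}
	ACL       map[string]map[string]bool // group -> set of action IDs it may execute
)

// WithPrincipal attaches the authenticated user to a request context.
func WithPrincipal(ctx context.Context, p Principal) context.Context {
	return context.WithValue(ctx, ctxKey{}, p)
}

// principalFrom returns the caller's identity, falling back to guest when
// the context carries none. A dropped context lands on this fallback.
func principalFrom(ctx context.Context) Principal {
	if p, ok := ctx.Value(ctxKey{}).(Principal); ok {
		return p
	}
	return Principal{"guest", "guest"}
}
// execute runs the ACL check for whoever the context says is calling.
func execute(acl ACL, ctx context.Context, action string) (string, bool) {
	p := principalFrom(ctx)
	return p.Username, acl[p.Group][action]
}

// restartVulnerable mirrors the flawed pattern: the re-issued internal
// request starts from a fresh context, so the ACL check sees "guest".
func restartVulnerable(acl ACL, _ context.Context, action string) (string, bool) {
	return execute(acl, context.Background(), action) // auth context lost here
}
// restartFixed propagates the caller's context into the internal request.
func restartFixed(acl ACL, ctx context.Context, action string) (string, bool) {
	return execute(acl, ctx, action)
}

func main() {
	acl := ACL{"guest": {"reboot-db": true}, "viewer": {"status": true}} // constructed sample
	ctx := WithPrincipal(context.Background(), Principal{"alice", "viewer"})
	u, ok := restartVulnerable(acl, ctx, "reboot-db")
	fmt.Printf("vulnerable: checked as %s, allowed=%v\n", u, ok) // guest true
	u, ok = restartFixed(acl, ctx, "reboot-db")
	fmt.Printf("fixed: checked as %s, allowed=%v\n", u, ok) // alice false
}
```

The sample ACL deliberately gives guest an action the viewer group lacks, which is the configuration the advisory says is affected; with the fix, alice is denied that action but still allowed the one her group holds.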
💻 Affected Systems
- OliveTin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An authenticated low-privilege user gains full administrative access to execute any configured shell commands, potentially leading to complete system compromise, data exfiltration, or lateral movement.
Likely Case
Low-privileged users execute unauthorized shell commands within the configured OliveTin action set, leading to privilege escalation and potential data access or system modification.
If Mitigated
With proper guest account restrictions and network segmentation, impact is limited to unauthorized execution of a subset of configured commands.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once credentials are obtained. The vulnerability mechanism is clearly documented in the advisory.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3000.11.1
Vendor Advisory: https://github.com/OliveTin/OliveTin/security/advisories/GHSA-p443-p7w5-2f7f
Restart Required: Yes
Instructions:
1. Back up the current OliveTin configuration.
2. Stop the OliveTin service.
3. Update to version 3000.11.1 or later using your package manager or a manual installation.
4. Restart the OliveTin service.
5. Verify that the update was successful.
🔧 Temporary Workarounds
Restrict Guest Permissions
Configure the guest account to have minimal or no permissions, ensuring it does not have broader access than authenticated users.
# Edit OliveTin config.yaml to restrict guest permissions
# Set guest permissions to minimal or disable guest access entirely
Disable RestartAction
Remove or disable the RestartAction functionality if it is not required.
# Modify OliveTin configuration to disable RestartAction
# Remove RestartAction from actions configuration
🧯 If You Can't Patch
- Implement strict network access controls to limit OliveTin access to trusted users only
- Regularly audit and monitor OliveTin logs for unauthorized command execution attempts
🔍 How to Verify
Check if Vulnerable:
Check the OliveTin version: if it is lower than 3000.11.1, the system is vulnerable.
Check Version:
olivetin --version or check the web interface version display
Verify Fix Applied:
Confirm that the OliveTin version is 3000.11.1 or higher, then test that a low-privilege user cannot execute actions beyond their permissions (including through a RestartAction request).
📡 Detection & Monitoring
Log Indicators:
- Unauthorized command execution by authenticated users
- Guest account activity from authenticated sessions
- RestartAction usage followed by unexpected command execution
Network Indicators:
- HTTP requests to RestartAction endpoints from low-privilege users
SIEM Query:
source="olivetin" AND ((event="command_execution" AND user="guest" AND src_user!="guest") OR (endpoint="/api/restart" AND user_level="low"))