CVE-2026-31817
📋 TL;DR
CVE-2026-31817 is a path traversal vulnerability in OliveTin's log file creation mechanism. When the saveLogs feature is enabled, the log file name is built from the caller-supplied UniqueTrackingId field of a StartAction request; an attacker who can call that endpoint can inject directory traversal sequences (../) into the field and have the log written to an arbitrary location that the OliveTin process user can write to. This affects all OliveTin deployments with saveLogs enabled prior to version 3000.11.2.
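The following Go example is added here to show the flaw class and the fix in working code; it is not OliveTin's source and does not claim to reproduce its internals (OliveTin is written in Go, so the language matches). The log directory, function names and tracking-ID format are assumptions for this example: the vulnerable builder concatenates the ID straight into the path, and the hardened builder first allowlists the ID and then independently checks that the final path stays inside the log directory.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// logDir stands in for the directory the saveLogs feature writes into.
// The path is an assumption for this example; the page does not state
// OliveTin's real default.
const logDir = "/var/lib/olivetin/logs"

// vulnerableLogPath reproduces the flaw class described in the advisory:
// the caller-supplied tracking ID becomes part of the file name with no
// validation. filepath.Join cleans the result, so "../" segments are
// resolved rather than rejected, and the file lands outside logDir.
func vulnerableLogPath(trackingID string) string {
	return filepath.Join(logDir, trackingID+".log")
}

// ErrBadTrackingID is returned for any ID that fails validation.
var ErrBadTrackingID = errors.New("tracking id rejected")

// safeIDPattern is an allowlist: letters, digits, '-' and '_' only, so a
// separator or a dot can never reach the path builder.
var safeIDPattern = regexp.MustCompile(`^[A-Za-z0-9_-]{1,64}$`)

// insideDir reports whether candidate resolves to a location under base.
// It is the second, independent check: even if the allowlist were later
// loosened, the final path is still verified against the intended directory.
func insideDir(base, candidate string) bool {
	rel, err := filepath.Rel(base, candidate)
	if err != nil {
		return false
	}
	return rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// safeLogPath is the hardened form: allowlist the ID, then confirm the
// joined path still lies inside logDir.
func safeLogPath(trackingID string) (string, error) {
	if !safeIDPattern.MatchString(trackingID) {
		return "", ErrBadTrackingID
	}
	full := filepath.Join(logDir, trackingID+".log")
	if !insideDir(logDir, full) {
		return "", ErrBadTrackingID
	}
	return full, nil
}

func main() {
	for _, id := range []string{"run-20260401-0001", "../../../../etc/cron.d/evil"} {
		fmt.Printf("vulnerable: %q -> %s\n", id, vulnerableLogPath(id))
		if p, err := safeLogPath(id); err != nil {
			fmt.Printf("hardened:   %q -> %v\n", id, err)
		} else {
			fmt.Printf("hardened:   %q -> %s\n", id, p)
		}
	}
}
```

Note that filepath.Join is not a defence: it normalises "../" away, which is exactly what lets the vulnerable builder produce a path under /etc. The allowlist does the real work; the insideDir check is there so that a future change to the allowlist cannot silently reopen the hole.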
💻 Affected Systems
- OliveTin
⚠️ Manual Verification Required
The NVD entry for this CVE carries no version ranges, so automated scanners that rely on NVD data alone cannot determine from a version number whether your system is affected. The vendor advisory linked below does state the fixed release (3000.11.2), so use that, plus the saveLogs setting, for a manual check:
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise via arbitrary file write leading to remote code execution, configuration modification, or sensitive data overwrite.
Likely Case
Unauthorized file creation or overwrite at attacker-chosen paths. What that yields depends on where the OliveTin process user can write: overwriting OliveTin's own configuration, or dropping a file into a location that is executed or parsed by another process running as that user, is the realistic route to code execution or data manipulation.
If Mitigated
No exposure if saveLogs is disabled, since the vulnerable file-writing path is never reached; with the patch applied, traversal sequences in UniqueTrackingId are rejected and impact is confined to the log directory.
🎯 Exploit Status
Exploitation requires the ability to call the StartAction API endpoint. Once an attacker can do that, either as an authenticated user or because the API is exposed without authentication, the vulnerability is simple to exploit: it needs nothing more than a crafted UniqueTrackingId value in an otherwise normal request.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3000.11.2
Vendor Advisory: https://github.com/OliveTin/OliveTin/security/advisories/GHSA-364q-w7vh-vhpc
Restart Required: Yes
Instructions:
1. Back up the current configuration.
2. Stop the OliveTin service.
3. Update to version 3000.11.2 or later.
4. Restart the OliveTin service.
5. Verify that logs are still being written correctly to the intended directory.
🔧 Temporary Workarounds
Disable saveLogs feature
Disables the vulnerable log persistence feature entirely, so the affected file-writing code is never reached: edit the OliveTin config file and set 'saveLogs: false'.
Restrict API access
Network-level restrictions on who can reach the StartAction API endpoint reduce the population of possible attackers but do not remove the flaw: configure firewall rules to restrict access to the OliveTin web interface to trusted hosts only.
🧯 If You Can't Patch
- Disable saveLogs feature in configuration immediately
- Implement strict network segmentation and access controls for OliveTin instances
🔍 How to Verify
Check if Vulnerable:
Check if OliveTin version is below 3000.11.2 AND saveLogs is enabled in configuration
Check Version:
Check the version of the running binary (olivetin --version where the build supports it), or the version reported by your package manager or the container image tag you deploy.
Verify Fix Applied:
Confirm version is 3000.11.2 or higher and test that directory traversal attempts in UniqueTrackingId are rejected
📡 Detection & Monitoring
Log Indicators:
- Log files appearing outside the configured log directory, or unusual file paths in log entries
- Failed file write attempts whose target paths contain traversal sequences
- Multiple log files created with suspicious names
Network Indicators:
- HTTP requests to the StartAction endpoint with unusual UniqueTrackingId values
- ../ sequences in API requests, including URL-encoded forms such as %2e%2e%2f and backslash variants (..%5c)
SIEM Query:
source="olivetin" AND (UniqueTrackingId="*../*" OR UniqueTrackingId="*%2e%2e*" OR UniqueTrackingId="*..\\*" OR path="*../*")
Where your SIEM can normalise fields, URL-decode UniqueTrackingId before matching so a single pattern covers the encoded variants.
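The detection logic described above, run over a handful of constructed request records as an added Go example (not OliveTin's log format, which the page does not show; the record layout, endpoint path and field names are assumptions). It percent-decodes UniqueTrackingId up to twice to catch double-encoding, treats backslashes as separators, and flags any ID that contains a ".." segment, a separator, or an absolute path, since a legitimate tracking ID needs none of those.

```go
package main

import (
	"bufio"
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// sampleRequests is a constructed set of request records for this example.
// The layout (timestamp, method, path, key=value fields) is an assumption,
// not OliveTin's real log format.
const sampleRequests = `2026-04-01T10:00:01Z POST /api/StartAction actionName=backup UniqueTrackingId=run-0001
2026-04-01T10:00:02Z POST /api/StartAction actionName=backup UniqueTrackingId=../../../../etc/cron.d/evil
2026-04-01T10:00:03Z POST /api/StartAction actionName=backup UniqueTrackingId=%2e%2e%2f%2e%2e%2fetc%2fpasswd
2026-04-01T10:00:04Z POST /api/StartAction actionName=backup UniqueTrackingId=..%255c..%255cwindows%255ctemp%255cx
2026-04-01T10:00:05Z GET /
2026-04-01T10:00:06Z POST /api/StartAction actionName=backup UniqueTrackingId=run-0002`

// trackingIDField extracts the raw UniqueTrackingId value from a record.
var trackingIDField = regexp.MustCompile(`UniqueTrackingId=(\S+)`)

// isTraversalID decodes the ID (twice, to catch double-encoding such as
// %255c), normalises backslashes to slashes, and reports whether the result
// is absolute, contains a ".." segment, or contains any separator at all.
func isTraversalID(raw string) bool {
	decoded := raw
	for i := 0; i < 2; i++ {
		d, err := url.PathUnescape(decoded)
		if err != nil {
			break // malformed escape: keep what we have and judge that
		}
		decoded = d
	}
	norm := strings.ReplaceAll(decoded, `\`, "/")
	if strings.HasPrefix(norm, "/") {
		return true
	}
	for _, seg := range strings.Split(norm, "/") {
		if seg == ".." {
			return true
		}
	}
	return strings.Contains(norm, "/")
}

// findTraversalAttempts scans newline-separated records and returns those
// whose UniqueTrackingId looks like a traversal attempt. Records without
// the field (other endpoints) are skipped.
func findTraversalAttempts(records string) []string {
	var hits []string
	sc := bufio.NewScanner(strings.NewReader(records))
	for sc.Scan() {
		line := sc.Text()
		m := trackingIDField.FindStringSubmatch(line)
		if m != nil && isTraversalID(m[1]) {
			hits = append(hits, line)
		}
	}
	return hits
}

func main() {
	for _, h := range findTraversalAttempts(sampleRequests) {
		fmt.Println("ALERT:", h)
	}
}
```

Flagging any separator, not just "..", is deliberate: the false-positive cost is low because a tracking ID has no business containing one, and it also catches absolute-path and single-level variants that a pure "../" match would miss.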