What is the CVSS score of CVE-2026-27626?

CVE-2026-27626 has a CVSS 3.1 base score of 9.9 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Olivetin are affected by CVE-2026-27626?

A critical vulnerability in OliveTin (CVE-2026-27626) allows authenticated attackers to execute arbitrary shell commands through password arguments, bypassing safety checks.. A patch is available.

Is there a public PoC exploit available for CVE-2026-27626?

Yes, a public proof-of-concept exploit is available for CVE-2026-27626. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2026-27626?

Within 24 hours: Disable OliveTin or restrict access to trusted networks only; audit recent command execution logs for suspicious activity. Within 7 days: Implement network segmentation to isolate OliveTin from production systems; enforce multi-factor authentication on administrative accounts; document all OliveTin integrations. Within 30 days: Evaluate alternative solutions; plan migration strategy; establish monitoring for CVE-2026-27626 exploit attempts.

Olivetin CVE-2026-27626

CRITICAL

OS Command Injection (CWE-78)

2026-02-25 security-advisories@github.com

GHSA-49gm-hh7w-wfvf

RCE Command Injection Olivetin Suse

9.9

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

9.9 CRITICAL

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

SUSE

CRITICAL

qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Feb 27, 2026 - 18:58 vuln.today

Public exploit code

CVE Published

Feb 25, 2026 - 03:16 nvd

CRITICAL 9.9

DescriptionGitHub Advisory

OliveTin gives access to predefined shell commands from a web interface. In versions up to and including 3000.10.0, OliveTin's shell mode safety check (checkShellArgumentSafety) blocks several dangerous argument types but not password. A user supplying a password-typed argument can inject shell metacharacters that execute arbitrary OS commands. A second independent vector allows unauthenticated RCE via webhook-extracted JSON values that skip type safety checks entirely before reaching sh -c. When exploiting vector 1, any authenticated user (registration enabled by default, authType: none by default) can execute arbitrary OS commands on the OliveTin host with the permissions of the OliveTin process. When exploiting vector 2, an unauthenticated attacker can achieve the same if the instance receives webhooks from external sources, which is a primary OliveTin use case. When an attacker exploits both vectors, this results in unauthenticated RCE on any OliveTin instance using Shell mode with webhook-triggered actions. As of time of publication, a patched version is not available.

AnalysisAI

OS command injection in OliveTin web shell interface through version 3000.10.0. OliveTin provides web-based access to predefined shell commands — the injection allows executing arbitrary commands beyond the whitelist. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Exploit

Supply password argument with shell metacharacters

Execution

Execute arbitrary OS commands via sh -c

Impact

Achieve system compromise with application privileges

Access

Exploit

Supply password argument with shell metacharacters

Execution

Execute arbitrary OS commands via sh -c

Impact

Achieve system compromise with application privileges

Vulnerability AssessmentAI

Exploitation	OliveTin versions up to and including 3000.10.0 with user registration enabled (default configuration). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 9.9 with scope change. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	Attacker injects additional commands through OliveTin's web interface, executing arbitrary commands with OliveTin's service privileges.
Remediation	Update OliveTin. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Disable OliveTin or restrict access to trusted networks only; audit recent command execution logs for suspicious activity. …

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-48708 HIGH This Week

7.5 Jun 15

Concurrent action execution in OliveTin versions 3000.0.0 and prior triggers a race condition in a shared text/template.

CVE-2026-48709 LOW Monitor

3.7 Jun 15

OliveTin's ValidateArgumentType RPC endpoint exposes action binding IDs and argument configurations to unauthenticated n

Vendor StatusVendor

SUSE

Severity: Critical

Product	Status
openSUSE Leap 15.6	Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP5	Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP6	Fixed
openSUSE Leap 15.5	Fixed

CVE-2026-27626 vulnerability details – vuln.today

Back

Olivetin CVE-2026-27626

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

More from same product – last 7 days

Vendor StatusVendor

SUSE

Share

External POC / Exploit Code