How to fix CVE-2026-28789?

Within 24 hours: Inventory all OliveTin deployments and identify version numbers. Within 7 days: Apply vendor patch to upgrade OliveTin to version 3.0.10.3 or later across all instances. Within 30 days: Validate patch deployment, confirm OAuth2 login functionality, and document completion in your patch management system.

Is Golang affected by CVE-2026-28789?

OliveTin versions prior to 3.0.10.3 contain an unauthenticated denial-of-service vulnerability in the OAuth2 login flow that could render the web interface unavailable to legitimate users.

CVE-2026-28789

HIGH

2026-03-05 [email protected]

GHSA-45m3-398w-m2m9

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:06 vuln.today

PoC Detected

Mar 10, 2026 - 15:42 vuln.today

Public exploit code

Patch Released

Mar 10, 2026 - 15:42 nvd

Patch available

CVE Published

Mar 05, 2026 - 20:16 nvd

HIGH 7.5

Description

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.3, an unauthenticated denial-of-service vulnerability exists in OliveTin’s OAuth2 login flow. Concurrent requests to /oauth/login can trigger unsynchronized access to a shared registeredStates map, causing a Go runtime panic (fatal error: concurrent map writes) and process termination. This allows remote attackers to crash the service when OAuth2 is enabled. This issue has been patched in version 3000.10.3.

Analysis

OliveTin versions prior to 3000.10.3 are vulnerable to unauthenticated denial-of-service attacks when OAuth2 authentication is enabled, allowing remote attackers to crash the application by sending concurrent requests to the login endpoint. The vulnerability stems from unsynchronized access to shared state during OAuth2 processing, triggering a Go runtime panic. …

Remediation

Within 24 hours: Inventory all OliveTin deployments and identify version numbers. Within 7 days: Apply vendor patch to upgrade OliveTin to version 3.0.10.3 or later across all instances. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +38

POC: +20

CVE-2026-28789 vulnerability details – vuln.today

Back

CVE-2026-28789

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-28789

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code