How to fix CVE-2026-28790?

Within 24 hours: Identify all OliveTin instances in your environment and document current versions. Within 7 days: Upgrade all affected OliveTin deployments to version 3.0.0.11 or later. Within 30 days: Conduct a review of any action terminations occurring before the patch date to identify if this vulnerability was exploited.

Is Olivetin affected by CVE-2026-28790?

OliveTin versions prior to 3.0.0.11 contain an authentication bypass vulnerability that allows unauthenticated users to disrupt critical automated operations by terminating running actions, even when guest login restrictions are configured.

CVE-2026-28790

HIGH

2026-03-05 [email protected]

GHSA-4fqm-6fmh-82mq

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:06 vuln.today

PoC Detected

Mar 10, 2026 - 15:29 vuln.today

Public exploit code

Patch Released

Mar 10, 2026 - 15:29 nvd

Patch available

CVE Published

Mar 05, 2026 - 20:16 nvd

HIGH 7.5

Description

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.0, OliveTin allows an unauthenticated guest to terminate running actions through KillAction even when authRequireGuestsToLogin: true is enabled. Guests are correctly blocked from dashboard access, but can still call the KillAction RPC directly and successfully stop a running action. This is a broken access control issue that causes unauthorized denial of service against legitimate action executions. This issue has been patched in version 3000.11.0.

Analysis

OliveTin versions prior to 3000.11.0 suffer from broken access control allowing unauthenticated users to invoke the KillAction RPC endpoint and terminate running shell command executions, bypassing authentication restrictions. Public exploit code exists for this vulnerability, enabling remote denial of service attacks against legitimate administrative actions. …

Remediation

Within 24 hours: Identify all OliveTin instances in your environment and document current versions. Within 7 days: Upgrade all affected OliveTin deployments to version 3.0.0.11 or later. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +38

POC: +20

CVE-2026-28790 vulnerability details – vuln.today

Back

CVE-2026-28790

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-28790

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code