Is Olivetin affected by CVE-2026-30223?

OliveTin, a web-based command execution tool, contains a critical vulnerability (CVSS 8.8) that allows attackers to execute arbitrary shell commands through the web interface. Active exploits exist in the wild, creating immediate risk to any organization running this software.

CVE-2026-30223

HIGH

2026-03-06 [email protected]

GHSA-g962-2j28-3cg9

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:06 vuln.today

PoC Detected

Mar 12, 2026 - 16:05 vuln.today

Public exploit code

Patch Released

Mar 12, 2026 - 16:05 nvd

Patch available

CVE Published

Mar 06, 2026 - 21:16 nvd

HIGH 8.8

Description

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, when JWT authentication is configured using either "authJwtPubKeyPath" (local RSA public key) or "authJwtHmacSecret" (HMAC secret), the configured audience value (authJwtAud) is not enforced during token parsing. As a result, validly signed JWT tokens with an incorrect aud claim are accepted for authentication. This allows authentication using tokens intended for a different audience/service. This issue has been patched in version 3000.11.1.

Analysis

OliveTin gives access to predefined shell commands from a web interface. [CVSS 8.8 HIGH]

Remediation

Within 24 hours: Identify all systems running OliveTin and isolate them from production networks or restrict web access to trusted IP ranges only. Within 7 days: Apply the available vendor patch to all affected instances and validate successful deployment. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +44

POC: +20

CVE-2026-30223 vulnerability details – vuln.today

Back

CVE-2026-30223

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-30223

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code