What is the CVSS score of CVE-2026-32102?

CVE-2026-32102 has a CVSS 3.1 base score of 6.5 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.1%.

Which versions of Olivetin are affected by CVE-2026-32102?

CVE-2026-32102 presents notable security risk, a improper access control vulnerability rated CVSS 6.5. Exploitation could compromise the security of affected deployments.. A patch is available.

Olivetin CVE-2026-32102

MEDIUM

Improper Access Control (CWE-284)

2026-03-11 security-advisories@github.com

GHSA-228v-wc5r-j8m7

Information Disclosure Authentication Bypass Olivetin Suse

6.5

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

6.5 MEDIUM

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

SUSE

MEDIUM

qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 22:07 vuln.today

CVE Published

Mar 11, 2026 - 21:16 nvd

MEDIUM 6.5

DescriptionGitHub Advisory

OliveTin gives access to predefined shell commands from a web interface. In 3000.10.2 and earlier, OliveTin’s live EventStream broadcasts execution events and action output to authenticated dashboard subscribers without enforcing per-action authorization. A low-privileged authenticated user can receive output from actions they are not allowed to view, resulting in broken access control and sensitive information disclosure.

AnalysisAI

OliveTin’s live EventStream broadcasts execution events and action output to authenticated dashboard subscribers without enforcing per-action authorization. A low-privileged authenticated user can receive output from actions they are not allowed to view, resulting in broken access control and sensitive information disclosure. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	Exposed information (credentials, internal paths, user data, configuration) can be leveraged for further attacks or regulatory violations. Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker triggers error conditions or accesses improperly protected endpoints to extract sensitive internal information from the application.
Remediation	Implement proper access controls. … Detailed patch versions, workarounds, and compensating controls in full report.