Skip to main content

OliveTin CVE-2026-53541

MEDIUM
Improper Input Validation (CWE-20)
2026-06-24 https://github.com/OliveTin/OliveTin GHSA-prj9-97mp-mwh2
4.3
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
vuln.today AI
4.3 MEDIUM

Network-reachable API requires low-privilege authentication; integrity impact is limited to environment variable injection with no confirmed direct code execution, no confidentiality or availability impact, and no scope change.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

2
Source Code Evidence Fetched
Jun 24, 2026 - 18:24 vuln.today
Analysis Generated
Jun 24, 2026 - 18:24 vuln.today

DescriptionGitHub Advisory

Description

The filterToDefinedArgumentsOnly function in the executor is intended to discard any arguments not explicitly defined in the action's configuration. However, a special case allows any argument whose name starts with ot_ to bypass this filter. While two system arguments (ot_executionTrackingId and ot_username) are injected by OliveTin and overridden, all other ot_-prefixed arguments supplied by the user pass through unmodified.

These bypassed arguments are:

  1. Not type-checked - the validation loop only iterates over the action's defined arguments, so ot_-prefixed arguments skip all type safety checks entirely.
  2. Set as environment variables - via buildEnv(), with completely unvalidated values, and passed to the executed command.
  3. Included in the template context - available as .Arguments.ot_* in template rendering.

Affected Code

Filter bypass - service/internal/executor/executor.go (lines 728-731):

go
func keepArgument(name string, definedNames map[string]struct{}) bool {
    _, ok := definedNames[name]
    return ok || strings.HasPrefix(name, "ot_")
}

System args only override two keys - service/internal/executor/executor.go (lines 742-745):

go
func injectSystemArgs(req *ExecutionRequest) {
    req.Arguments["ot_executionTrackingId"] = req.TrackingID
    req.Arguments["ot_username"] = req.AuthenticatedUser.Username
}

Any other ot_-prefixed argument (e.g., ot_malicious) survives both functions.

Unvalidated values become environment variables - service/internal/executor/executor.go (lines 867-882):

go
func buildEnv(args map[string]string) []string {
    ret := append(os.Environ(), "OLIVETIN=1")
    for k, v := range args {
        varName := fmt.Sprintf("%v", strings.TrimSpace(strings.ToUpper(k)))
        if varName == "" { continue }
        ret = append(ret, fmt.Sprintf("%v=%v", varName, v))
    }
    return ret
}

The value v is never validated. It can contain newlines, shell metacharacters, null bytes, or any arbitrary data.

Proof of Concept

An attacker sends a StartAction request with extra ot_-prefixed arguments:

json
{
  "bindingId": "<any-action-id>",
  "arguments": [
    { "name": "ot_custom_var", "value": "arbitrary unvalidated content \n with newlines" },
    { "name": "ot_another",    "value": "$(whoami)" }
  ]
}

These arguments:

  • Pass through filterToDefinedArgumentsOnly (the ot_ prefix exempts them).
  • Are never type-checked (not in the action's argument definitions).
  • Become environment variables OT_CUSTOM_VAR and OT_ANOTHER in the executed command's environment.
  • Are available in the template rendering context as .Arguments.ot_custom_var and .Arguments.ot_another.

Impact

  • Environment variable pollution - attacker can set arbitrary environment variables (with OT_ uppercased prefix) in the execution environment of any action they can trigger. Scripts or programs that read custom environment variables could be influenced.
  • Potential for secondary exploitation - if any executed script or command reads OT_-prefixed environment variables, the unvalidated content could cause unexpected behavior.
  • Template context pollution - although Go's text/template does not recursively evaluate data values (mitigating direct template injection), the extra arguments are accessible in the template context and could interact unexpectedly with custom template logic.

Suggested Fix

Remove the ot_ prefix exception from keepArgument, or restrict it to only the two known system arguments:

go
var systemArgs = map[string]struct{}{
    "ot_executionTrackingId": {},
    "ot_username":            {},
}

func keepArgument(name string, definedNames map[string]struct{}) bool {
    _, isDefined := definedNames[name]
    _, isSystem := systemArgs[name]
    return isDefined || isSystem
}

---

Discovery Methodology

Both vulnerabilities were identified through manual source code review of the OliveTin repository, focusing on:

  • Input validation boundaries (API request fields flowing into file system operations and execution contexts)
  • Argument filtering and type-checking logic in the executor
  • File path construction in the log persistence feature

No automated scanners or fuzzing tools were used. The review was conducted against the current main branch source code.

---

AnalysisAI

Unvalidated ot_-prefixed argument injection in OliveTin allows any authenticated user with action-trigger access to bypass input filtering, inject arbitrary environment variables into action execution contexts, and pollute Go template rendering data. All OliveTin versions prior to commit ebffd9f040f7 (Go pseudo-version < 0.0.0-20260531214440-ebffd9f040f7) are affected. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Authenticate to OliveTin with low-privilege credentials
Delivery
Identify any triggerable action binding ID
Exploit
Send StartAction request with ot_-prefixed arguments containing shell metacharacters
Install
Arguments bypass filterToDefinedArgumentsOnly and type-safety checks
C2
Unvalidated values injected as OT_ environment variables into action execution context
Execute
Triggered action's backing script reads OT_ variable unsafely
Impact
Shell metacharacters execute under OliveTin process identity

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated OliveTin session with sufficient permission to call the `StartAction` API endpoint for at least one action - corresponding to CVSS PR:L. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor-assigned CVSS 4.3 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) is consistent with the described flaw: network-reachable, low-complexity exploitation by any authenticated low-privilege user, with integrity-only impact and no scope change. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated OliveTin user sends a `StartAction` request with extra arguments `ot_another` set to `$(whoami)` alongside any legitimate action binding ID. The argument passes through `filterToDefinedArgumentsOnly` unchecked, is never type-validated, and is injected as environment variable `OT_ANOTHER` into the execution context of the triggered action. …
Remediation Update OliveTin to a build at or after commit `ebffd9f040f791208aee1db2e5a8aecd1e3e603d` (Go pseudo-version `0.0.0-20260531214440-ebffd9f040f7`), available from the upstream repository at https://github.com/OliveTin/OliveTin. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-53541 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy