GO-2026-4587 OliveTin has Unauthenticated Action Termination via KillAction When Guests Must Login in github.com/OliveTin/OliveTin

OliveTin has Unauthenticated Action Termination via KillAction When Guests Must Login in github.com/OliveTin/OliveTin...

CVE-2026-28790 OliveTin: Unauthenticated Action Termination via KillAction When Guests Must Login

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.0, OliveTin allows an unauthenticated guest to terminate running actions through KillAction even when authRequireGuestsToLogin: true is enabled. Guests are correctly blocked from dashboard access, bu...

CVE-2026-28790

OliveTin prior to 3000.11.0 allows an unauthenticated guest to terminate running actions via KillAction RPC, despite authRequireGuestsToLogin: true. Guests may access the KillAction endpoint directly and stop actions, causing unauthorized denial of service. This is a broken access control issue w...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the KillAction function. An attacker can terminate active jobs initiated by legitimate users by directly invoking the KillAction endpoint without authentication, even when guest login is required. This can...

GHSA-4FQM-6FMH-82MQ OliveTin has Unauthenticated Action Termination via KillAction When Guests Must Login

Summary OliveTin allows an unauthenticated guest to terminate running actions through KillAction even when authRequireGuestsToLogin: true is enabled. In the tested release 3000.10.2, guests are correctly blocked from dashboard access, but an still call the KillAction RPC directly and successfully...

PT-2026-22999

Name of the Vulnerable Software and Affected Versions OliveTin versions prior to 3000.11.0 Description OliveTin allows an unauthenticated guest to terminate running actions through the KillAction Remote Procedure Call RPC even when authRequireGuestsToLogin: true is enabled. Guests are blocked fro...