2 matches found
CVE-2026-48709
CVE-2026-48709 affects OliveTin’s ValidateArgumentType RPC endpoint (service/internal/api/api.go). In versions
CVE-2026-48709 OliveTin: ValidateArgumentType API Endpoint Missing Authentication Allows Action and Argument Enumeration
OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, The ValidateArgumentType RPC endpoint in service/internal/api/api.go does not perform any authentication or authorization checks. Unlike all other data-returning API endpoints, it does not cal...